All,

I would like to try to have a setup like this: have Snort log to rsyslog, and then have rsyslog log to a MySQL Base schema database. I know that people use Barnyard and/or Barnyard2 for this setup to offload the writing to MySQL to Barnyard, so that Barnyard can receive Snort logs and spool them if necessary before writing to MySQL, should MySQL not be able to keep up. It seems to me that rsyslog's spooling capability could eliminate the need for Barnyard. How would one go about applying a (for lack of better words) particular database schema so that rsyslog could write to the base database?
Does anyone have any thoughts on this?

Thanks,
Ralph

--
Reminds me of my expedition into the wilds of Afghanistan. We lost our corkscrew and were compelled to live on food and water for several days. - WC Fields

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

