I was just talking about snort logging Friday with this in mind. My understanding is that the snort logs include a significant binary component. This would not be trivial to deal with in rsyslog without encoding it first.
David Lang

On Sun, 28 Mar 2010, Ralph Crongeyer wrote:

> All,
> I would like to try to have a setup like this. Have Snort log to
> rsyslog and then have rsyslog log to a mysql Base schema database.
> I know that people use Barnyard and/or Barnyard2 for this setup to
> offload the writing to mysql to barnyard so that barnyard could receive
> snort logs and spool them if necessary before writing to mysql should
> mysql not be able to keep up.
> It seems to me that rsyslog's spooling capability could eliminate the
> need for barnyard.
> How would one go about applying a (for lack of better words) particular
> database schema so that rsyslog could write to the base database?
>
> Does anyone have any thoughts on this?
>
> Thanks,
> Ralph
>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

