thefergus, thank you very much for your detailed email. I agree completely on the Snorby dependencies; it took me two tries (1 week each) to get that thing working on a LAB environment without forcing its Ruby dependencies (I used RVM)... I will keep your warnings regarding performance issues in mind while I keep trying to make Snorby work, as I have dedicated way too much time to it; I even took a small crash course on Perl this weekend to try and update the ossec2mysql.pl script originally made for BASE.
In case anyone else is following this, Dan's note on Barnyard2's support for prelude output would fix my issues with the current Snort upgrade to =>2.9.3, but as I said, I'd really like to get Snorby up and running. If and when I do, I will post back with details on what I did and how everything is moving along. Our network isn't big, around 350 desktops, and Snort handles around 10k active sessions throughout the day, at most. OSSEC currently monitors 27 hosts.