Snort mailing list archives

RE: Snort and M$ Access?????


From: "John Kirk" <jkirk00 () home com>
Date: Fri, 8 Feb 2002 21:57:42 -0500

Since you have MS Access, I assume you have MS OFFICE, which includes
MSDE which is the Desktop version of MS SQL with a 2GB data limit. You
could stop logging to MYSQL and log from your Linux snort box to the
MSDE (MSSQL) database on the Win box for all your "database" logging,
works great with ACID also. Now you can link MS Access directly to the
MSSQL database, without the speed limit of MS Access.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Graham,
Randy (RAW) 
Sent: Friday, February 08, 2002 1:59 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort and M$ Access?????


Sorry, but I'm forced to ask this...

I have recently gotten Snort 1.8.3 running with mysql and ACID 0.9.6b19
on a couple of RedHat 7.2 boxen (I know, Marty - I'm working on learning
*BSD well enough to correct the error of my ways).  Everything is
working great, and I love it.  Today, the bosses come to me and ask if
we can make Snort output to an Access database instead.  Knowing where
this is going, I try to fend it off by telling a little lie about what
databases Snort supports (mysql and postgres only).  So, they ask about
dumping the mysql database info into an Access file or flat text so
Access can read it in.  Apparently, they want to store the data on our
"more secure" Win2k server.  Keep in mind that these are the same people
who won't let me use open source software because someone might have
compiled a trojan into the source I'm downloading...

Anyway, what I really need to know is, does there exist some tool that
will allow for "easy" (meaning little work for me, and I don't care how
much work for others) migration/transport of the mysql database info
from my Linux machine to their Win2K box?  If so, does there exist a
tool to pull that info back out in a usable format - something
comparable to ACID or SnortSnarf?

I don't even know what else to ask, because I'm still flat on my back
from effectively being told that my Linux machine (which only has ssh
and the stunnel connection for mysql input from other sensors open) is
not as secure as their Win2K machine (which acts as the department print
and file server, and had IIS running unbeknownst to our admin for 6+
months until we discovered it in a routine scan before Christmas).  As I
understand more what the bosses want, I may be back with more questions.

Oh yeah, and I may be slightly biased against the M$ based solution, but
if someone can show me a good way to do this with an M$ OS and an M$
database, I'll at least seriously consider it.

Randy Graham
-- 
The Internet?  Bah!  Is that thing still around?  -- Homer Simpson
http://www.securitynewbie.com/ - for people like me

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

