Snort mailing list archives
Re: Can you simply merge separate Snort SQL databases?
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 2 May 2002 15:53:58 +1200
On Wed, May 01, 2002 at 09:20:15AM -0700, David E. Wach wrote:
> One problem you'll have is that Snort dynamically adds entries into several tables as it sees events (reference, reference_system, sig_class, sig_reference, and signature). If you pull data into a central database your events will reference bogus data.
Gah! That sounds nasty. I wonder, could you fake it? i.e. pull over the unique data, and then regenerate all the reference table data? It seems to me that this sort of central DB is the one thing you can slash-and-burn on demand - all the "live" DB servers should be left alone if possible...

--
Cheers

Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377
Fax: +64 3 9635 417
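Added example, not part of the original thread: a sketch of the "pull over the unique data, then regenerate the lookup rows" idea for the signature table, using SQLite in memory. The two-table schema is a simplified stand-in, matching signatures by `sig_name` is an assumption, and each sensor is assumed to already have a distinct `sid`.

```python
import sqlite3

# Simplified stand-in for two of the tables named above (an assumption, not
# the full Snort schema): signature is the lookup table, event points into it.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY AUTOINCREMENT, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                    PRIMARY KEY (sid, cid));
"""

def make_db(sig_names, events):
    """Build an in-memory DB; sig_id values follow insertion order."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature (sig_name) VALUES (?)",
                   [(n,) for n in sig_names])
    db.executemany("INSERT INTO event VALUES (?, ?, ?)", events)
    return db

def merge_sensor(central, sensor):
    """Copy a sensor's events into central, translating its local sig_ids."""
    remap = {}
    for local_id, name in sensor.execute("SELECT sig_id, sig_name FROM signature"):
        row = central.execute("SELECT sig_id FROM signature WHERE sig_name = ?",
                              (name,)).fetchone()
        if row is None:  # signature not yet known centrally: regenerate it
            row = (central.execute("INSERT INTO signature (sig_name) VALUES (?)",
                                   (name,)).lastrowid,)
        remap[local_id] = row[0]
    for sid, cid, sig in sensor.execute("SELECT sid, cid, signature FROM event"):
        central.execute("INSERT INTO event VALUES (?, ?, ?)", (sid, cid, remap[sig]))
    central.commit()
    return remap

def demo():
    # Constructed sample data: sig_id 1 means a different rule on each sensor.
    a = make_db(["ICMP PING", "SCAN nmap TCP"], [(1, 1, 1), (1, 2, 2)])
    b = make_db(["SCAN nmap TCP", "WEB-IIS cmd.exe access"], [(2, 1, 1), (2, 2, 2)])
    central = make_db([], [])
    remaps = (merge_sensor(central, a), merge_sensor(central, b))
    rows = central.execute(
        "SELECT e.sid, e.cid, s.sig_name FROM event e "
        "JOIN signature s ON s.sig_id = e.signature ORDER BY e.sid, e.cid").fetchall()
    return remaps, rows

if __name__ == "__main__":
    print(demo())
```

A plain row copy would have filed sensor 2's first event under central `sig_id` 1 ("ICMP PING"); the remap is what keeps the central events pointing at the right signature.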