Snort mailing list archives

Re: sqlite output (was: some QP text in a Korean character set)


From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 31 Aug 2004 17:51:04 -0400

At 05:18 PM 8/31/2004, "Yuchan Park" wrote:
> I want to get and put db using sqlite instead of mysql or oracle etc..
>
> Can I module for output or rule using sqlite??

I suppose it would be possible for one to be developed, but none exists at this time.

One thing that is VERY different is that sqlite is not a client/server database like mysql or oracle. It's a local-filesystem based database.

I'm also not sure sqlite is a good idea for this purpose, as it claims to not be well suited to "high volume" applications and large database applications, something many snort sensors run into.

It's also a "global lock" type database, which means that when your monitoring backend is reading the database, your sensor is blocked from writing it. This would impact snort's packet drop rate VERY severely. Snort more-or-less requires low-latency access to write the database during reads.

Might I suggest a closer look at sqlite's own information on the subject, especially the section on "High Concurrency":

        http://www.sqlite.org/cvstrac/wiki?p=WhenToUseSqlite
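
The reader-blocks-writer behaviour described in the message above, as an added example that is not part of the original post or of Snort. The file name `alerts.db`, the `event` table and the `sensor`/`backend` connection names are hypothetical, and the journal mode is pinned to SQLite's rollback journal so that one lock covers the whole file.

```python
import os
import sqlite3
import tempfile


def open_db(path):
    # timeout=0: fail at once instead of waiting for the lock, so the
    # contention is visible. isolation_level=None: Python adds no implicit BEGIN.
    conn = sqlite3.connect(path, timeout=0, isolation_level=None)
    conn.execute("PRAGMA journal_mode=DELETE")  # rollback journal, whole-file locks
    return conn


def reader_blocks_writer():
    """Return (write_blocked_during_read, rows_after_read_finished)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "alerts.db")  # constructed sample database

        sensor = open_db(path)   # stands in for the sensor's output side
        sensor.execute("CREATE TABLE event (sid INTEGER, msg TEXT)")
        sensor.execute("INSERT INTO event VALUES (1, 'constructed sample alert')")

        backend = open_db(path)  # stands in for the monitoring backend
        backend.execute("BEGIN")
        backend.execute("SELECT count(*) FROM event").fetchall()  # holds SHARED lock

        blocked = False
        try:
            # An autocommit INSERT needs an EXCLUSIVE lock to commit; the
            # open read transaction prevents that, so SQLite reports BUSY.
            sensor.execute("INSERT INTO event VALUES (2, 'alert during read')")
        except sqlite3.OperationalError as exc:
            blocked = "locked" in str(exc)

        backend.execute("COMMIT")  # read finished, SHARED lock released
        sensor.execute("INSERT INTO event VALUES (2, 'alert after read')")
        rows = sensor.execute("SELECT count(*) FROM event").fetchone()[0]

        backend.close()
        sensor.close()
        return blocked, rows


if __name__ == "__main__":
    print(reader_blocks_writer())
```

With a non-zero `timeout` the writer would wait for the lock instead of failing, which is the write latency the message is concerned about.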






