Snort mailing list archives

Re: v2.8.4 incorrect logging to MySQL


From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 14 Apr 2009 06:31:52 -0600





From: Ron Jenkins <rjenkins () rmjcs net>
Date: Mon, 13 Apr 2009 09:21:09 -0500
To: 'Joel Esler' <jesler () sourcefire com>
Cc: James Lay <jlay () slave-tothe-box net>, Snort
<snort-users () lists sourceforge net>
Subject: RE: [Snort-users] v2.8.4 incorrect logging to MySQL

We are backing down from v2.8.4 until the new version can successfully write
to the sensor and signature tables correctly.
 
Until Sourcefire truly removes writing to the MySQL database and forces
unified logging we see no reason to change at this time.  Yes the new rule
changes are much wanted, but after reading on the mass issues on the snort
forums with the new version we are holding off on the update.
 
Thanks  
 



I have to chime in and second this.  Though Unified might be best, for
smaller shops, my perception is that barnyard is an added layer of
complexity.  I run snort at the house on OS X...pretty much to catch the
obvious dumb crap coming in from the outside world and to catch if the kids'
machines get something naughty.  Again, larger shops where IDS is mission
critical should take the extra step, but small ones..eh...I've found that
logging direct to mysql works well enough.  My 0.02 I guess.

James
