Snort mailing list archives

Re: v2.8.4 incorrect logging to MySQL


From: Joel Esler <jesler () sourcefire com>
Date: Mon, 13 Apr 2009 09:41:44 -0400

Unified does not have the problem at all.
J

On Mon, Apr 13, 2009 at 9:35 AM, Ron Jenkins <rjenkins () rmjcs net> wrote:

I fully understand and plan to move in that direction, but am not ready
yet.



Will unified correct these problems with the new release?



Thanks


 ------------------------------

*From:* Joel Esler [mailto:jesler () sourcefire com]
*Sent:* Monday, April 13, 2009 8:38 AM

*To:* Ron Jenkins
*Cc:* James Lay; Snort
*Subject:* Re: [Snort-users] v2.8.4 incorrect logging to MySQL



Okay; however, obviously, you are going to get my $0.02 speech: logging to
the DB directly should never be used in a production environment.  The code
for it was written, truly, as a college project, and has been sparsely and
incrementally updated over the years.  Unified is the best.



Joel

On Mon, Apr 13, 2009 at 9:30 AM, Ron Jenkins <rjenkins () rmjcs net> wrote:

Thank you…



We will not be able to update until this is corrected.




 ------------------------------

*From:* Joel Esler [mailto:jesler () sourcefire com]
*Sent:* Monday, April 13, 2009 8:34 AM
*To:* Ron Jenkins
*Cc:* James Lay; Snort


*Subject:* Re: [Snort-users] v2.8.4 incorrect logging to MySQL



I can't speak for the developers, as they probably aren't on this list,
however, I'll make sure they know about it.



J

On Mon, Apr 13, 2009 at 9:18 AM, Ron Jenkins <rjenkins () rmjcs net> wrote:

Is this the only solution?  Is sourcefire going to correct this issue?



Thanks


 ------------------------------

*From:* Joel Esler [mailto:jesler () sourcefire com]
*Sent:* Monday, April 13, 2009 8:13 AM
*To:* James Lay
*Cc:* Snort


*Subject:* Re: [Snort-users] v2.8.4 incorrect logging to MySQL



The preferred method of logging with any version of Snort is unified.
Using Unified ensures the best performance of any output system available
from Snort.

Using a 3rd party tool such as barnyard or SnortUnified.pm to process the
unified files and insert them into the DB relieves Snort from having to do
the DB inserts itself, which would otherwise be a performance drain on the
system.



This isn't a reason not to upgrade.  You must upgrade Snort to stay
current with the proper detection.



Joel



On Mon, Apr 13, 2009 at 8:41 AM, James Lay <jlay () slave-tothe-box net>
wrote:

From: Danny Paul <JDPAUL () GoColumbiaMO com>
Date: Mon, 13 Apr 2009 07:22:04 -0500
To: Stephen Reese <rsreese () gmail com>, Matt Watchinski
<mwatchinski () sourcefire com>
Cc: Snort <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] v2.8.4 incorrect logging to MySQL


I verified as well that no inserts were being made into the signatures or
sensors table.

I take it that folks needing this functionality should hold off on
upgrading?  Would it do any good to test this on different platforms (I was
holding off on upgrading on Mac OS X 10.5.6 to see how this issue panned
out)?

James





------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




--
joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974
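As an added example (not from this thread, and not configuration shipped by the Snort project), here is what the advice above looks like in practice: the output line of a snort.conf that makes Snort do its own MySQL inserts, shown beside the unified2 spool output that replaces it, and a barnyard2 configuration that takes over the database inserts from the spool. barnyard2 is assumed here as the unified2-capable successor of the barnyard the thread names; the hostnames, paths, credentials and sensor name are placeholders chosen for illustration.

```conf
# --- snort.conf: the output this thread advises against --------------------
# Snort itself opens a MySQL connection and performs an INSERT per event,
# inline with packet processing, so every database stall is a sensor stall.
# (Commented out; the unified2 line below replaces it.)
#
# output database: log, mysql, user=snort password=CHANGEME dbname=snort host=db.example.internal

# --- snort.conf: corrected output ------------------------------------------
# Write events to spool files in the unified2 binary format. Snort only ever
# does a local sequential write here, so the database cannot slow detection.
# "limit 128" rolls the spool file at 128 MB; barnyard2 follows rollovers.
output unified2: filename snort.u2, limit 128

# Snort 2.8.x also still accepts the original unified format, for consumers
# (the original barnyard, SnortUnified.pm) that expect it instead:
# output alert_unified: filename snort.alert, limit 128
# output log_unified:   filename snort.log,   limit 128

# --- barnyard2.conf: the consumer that now owns the database inserts -------
# Map files are placeholders for a typical /etc/snort layout.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

# Identify this sensor; these values populate the sensor table, one of the
# tables the forwarded report in this thread says was no longer being filled.
config hostname:  sensor1.example.internal
config interface: eth0

# Read the unified2 spool that Snort writes above.
input unified2

# The same database output line as before, but it now runs inside the
# barnyard2 process, decoupled from Snort's packet loop.
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=db.example.internal
```

barnyard2 is then started against the spool directory in its default continuous mode with a waldo (bookmark) file, for example `barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo`, so that it resumes at the last processed record after a restart. Because the spool on disk is now the durable record, a database outage neither blocks the sensor nor loses events; barnyard2 simply catches up when the database comes back, and the sensor and signature tables can be checked afterwards to confirm the inserts are landing.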
