Snort mailing list archives
Re: Barnyard - Database link down
From: beenph <beenph () gmail com>
Date: Sun, 5 Aug 2012 23:15:19 -0400
On Sun, Aug 5, 2012 at 11:00 PM, Steven Vona <savone () gmail com> wrote:
I have a question about how barnyard will react if the link is down between the sensor and the database server. If there is no route to the database server will barnyard queue the messages for when the link is restored or just dump them into the bit bucket?
Barnayrd2 version 1.9 will depending on the database module used to output either die or forward and terminate a one point. version 1.10 has some new code that retry a defined numbed or time (10 and configurable) before stoping cleanly The transactional code in 1.10 is more robust and if a transaction fail and your dbms strictly respect the transaction nothing will corrupt the schema. This being said when you use unified2 nothing is lost until you erase the unified2 file, thus its allways possible to replay events if something would happen ie: database crash or corruption. I hope this answer your question. -elz
I hope someone can help me with this question as I am trying to decide how to implement snort in two locations. Thanks ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Barnyard - Database link down Steven Vona (Aug 01)
- Barnyard - Database link down Steven Vona (Aug 05)
- Re: Barnyard - Database link down beenph (Aug 05)
- Re: Barnyard - Database link down William Sandin (Aug 05)
- Re: Barnyard - Database link down beenph (Aug 05)
- Re: Barnyard - Database link down beenph (Aug 05)
- Barnyard - Database link down Steven Vona (Aug 05)
- Barnyard - Database link down Steven Vona (Aug 07)