Snort mailing list archives

Re: Barnyard - Database link down

From: beenph <beenph () gmail com>
Date: Sun, 5 Aug 2012 23:15:19 -0400

On Sun, Aug 5, 2012 at 11:00 PM, Steven Vona <savone () gmail com> wrote:


I have a question about how barnyard will react if the link is down
between the sensor and the database server.

If there is no route to the database server will barnyard queue the
messages for when the link is restored or just dump them into the bit
bucket?


Barnayrd2 version 1.9 will depending on the database module used to
output either die
or forward and terminate a one point.

version 1.10 has some new code that retry a defined numbed or time
(10 and configurable) before stoping cleanly
The transactional code in 1.10 is more robust and if a transaction
fail and your dbms strictly respect the transaction
nothing will corrupt the schema.


This being said when you use unified2 nothing is lost until you erase
the unified2 file, thus its allways possible
to replay events if something would happen ie: database crash or corruption.


I hope this answer your question.

-elz


I hope someone can help me with this question as I am trying to decide
how to implement snort in two locations.

Thanks


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Barnyard - Database link down Steven Vona (Aug 01)
- Barnyard - Database link down Steven Vona (Aug 05)
  - Re: Barnyard - Database link down beenph (Aug 05)
    - Re: Barnyard - Database link down William Sandin (Aug 05)
    - Re: Barnyard - Database link down beenph (Aug 05)
- Barnyard - Database link down Steven Vona (Aug 07)