Snort mailing list archives
Re: Snort logs to MySQL
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Sun, 29 Jan 2017 17:29:13 +0000
There are massive differences (aside from the fact that the ruleset won't work in that version of Snort anymore). 2.3 is more than 10 years old! I suggest outputting from Snort in unified2 and using Barnyard2 to insert into the database.

--
Sent from my iPhone

On Jan 29, 2017, at 12:15 PM, Abdullah AL-Mutairy <abohabeeb1412 () gmail com> wrote:

> Thanks guys!
>
> But what if I want to use an older version of snort (ex: snort 2.3) that supports logging directly to MySQL DB .. just for testing purposes, not for production. Are there many differences between 2.9 and 2.3? Or just a few bug fixes?
>
> I tried to use barnyard but I couldn't make it work as it needs some compiler. I tried to compile it but couldn't make that work either! (Bad luck I guess -_-)
>
> Why do you need a third-party tool just to copy the logs? Wouldn't it be better if there were some process or optional service inside snort that copies or exports logs?
>
> I just want to perform some experiments with snort as a signature-based IDS.
>
> Sorry for the too many questions! I really appreciate your help :)
>
> On Jan 28, 2017, at 10:55 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
>
>> Waldo is 100% correct.
>>
>> --
>> Sent from my iPhone
>>
>> On Jan 28, 2017, at 1:52 PM, "wkitty42 () windstream net" <wkitty42 () windstream net> wrote:
>>
>>> On 01/27/2017 12:57 PM, Abdullah AL-Mutairy wrote:
>>>
>>>> Hello everyone!
>>>>
>>>> I'm wondering why snort developers stopped supporting logging to SQL database directly? I know I can use barnyard2 to log into SQL DB .. but isn't it better if snort just logs to SQL directly?
>>>
>>> no... if the database is not available or there is a problem, snort would hang waiting on the connection to clear and return... that hang leads to traffic being missed...
>>>
>>> it is best if snort just writes to its logs and lets something else worry about pharting about with some database mess ;)
>>>
>>> --
>>> NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted.
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
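The split recommended in this thread (Snort only writes unified2 files, a separate process such as Barnyard2 loads the database) can be sketched as a small spool reader; this is an added example, not code from the thread, Snort or Barnyard2. It assumes the legacy 52-byte unified2 IDS event record (type 7), uses in-memory SQLite as a stand-in for MySQL, and the `event` table and sample records are constructed for illustration.

```python
import sqlite3
import struct

HDR = struct.Struct(">II")            # unified2 record header: type, length
EVT = struct.Struct(">9I4s4sHHBBBB")  # legacy IDS event body (type 7), 52 bytes
IDS_EVENT = 7

def make_event(event_id, sid, src, dport):
    """Build one constructed type-7 record (sample data, not sensor output)."""
    body = EVT.pack(1, event_id, 1485710953, 0, sid, 1, 1, 0, 2,
                    bytes(src), bytes((192, 0, 2, 10)), 40000, dport, 6, 0, 0, 0)
    return HDR.pack(IDS_EVENT, len(body)) + body

def drain(spool, bookmark, db):
    """Insert events found after `bookmark`; return the new bookmark."""
    # The bookmark passes an event only once its row is committed, so a
    # database outage delays inserts but never blocks or loses sensor output.
    pos = bookmark
    while pos + HDR.size <= len(spool):
        rtype, rlen = HDR.unpack_from(spool, pos)
        end = pos + HDR.size + rlen
        if end > len(spool):          # sensor has not finished this record
            break
        if rtype == IDS_EVENT and rlen >= EVT.size:
            f = EVT.unpack_from(spool, pos + HDR.size)
            row = (f[1], f[2], f[5], f[4], ".".join(map(str, f[9])),
                   ".".join(map(str, f[10])), f[11], f[12])
            try:
                db.execute("INSERT INTO event VALUES (?,?,?,?,?,?,?,?)", row)
                db.commit()
            except sqlite3.Error:     # database unavailable: stop, retry later
                break
        pos = end                     # other record types are skipped
    return pos

def demo():
    spool = (make_event(1, 1000001, (10, 0, 0, 5), 80)
             + HDR.pack(2, 4) + b"\x00" * 4          # constructed non-event record
             + make_event(2, 1000002, (10, 0, 0, 6), 22))
    db = sqlite3.connect(":memory:")
    first = drain(spool, 0, db)       # no table yet: stands in for an outage
    db.execute("CREATE TABLE event "
               "(event_id, ts, gid, sid, src, dst, sport, dport)")
    second = drain(spool, first, db)
    partial = make_event(3, 1000003, (10, 0, 0, 7), 443)[:20]
    third = drain(spool + partial, second, db)
    rows = db.execute(
        "SELECT event_id, sid, src, dport FROM event ORDER BY event_id").fetchall()
    return first, second, third, rows
```

`demo()` runs three passes: one while the database is unusable (bookmark stays at 0), one after it recovers (both events load), and one against a half-written record (nothing is consumed or duplicated).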
Current thread:
- Snort logs to MySQL Abdullah AL-Mutairy (Jan 27)
- Re: Snort logs to MySQL Al Lewis (allewi) (Jan 27)
- Re: Snort logs to MySQL wkitty42 (Jan 28)
- Re: Snort logs to MySQL Joel Esler (jesler) (Jan 28)
- Re: Snort logs to MySQL Abdullah AL-Mutairy (Jan 29)
- Re: Snort logs to MySQL Joel Esler (jesler) (Jan 29)
- Re: Snort logs to MySQL Joel Esler (jesler) (Jan 28)