Snort mailing list archives
Re: mysql support is not compiled into this build of snort
From: Jim Campbell <jim () w4bqp net>
Date: Sat, 7 Apr 2018 20:50:53 -0400
Barnyard2 works, but is beginning to have problems. Following is one of the messages that I occasionally see:
barnyard2[1158]: [Database()]: Insertion of Query [INSERT INTO event (sid,cid,signature,timestamp) VALUES (4, 35252, 777, '2018-04-06 09:56:03');] failed
Even though it reports a failure, BASE is outputting the alert so I can live with it.
I am running Snort 2.9.9.0 and am very satisfied with what it is doing for me.
On 4/7/2018 6:22 PM, Joel Esler (jesler) via Snort-users wrote:
> On Apr 7, 2018, at 4:39 PM, wkitty42 () windstream net wrote:
> > On 04/07/2018 04:13 PM, Marcin Dulak wrote:
> > > On Sat, Apr 7, 2018 at 9:20 PM, <wkitty42 () windstream net> wrote:
> > > > 2. as Al noted, snort 2.6 is very old and out of date... snort no longer talks directly to the databases like it once did... there were too many situations that would cause snort to miss traffic (eg: the database was down)... snort would get hung up on the database stuff and simply miss traffic... so the database code was ripped out and snort only writes to its log files... now you use a tool like barnyard2
> > > https://github.com/firnsy/barnyard2 is not maintained.
> > interesting... when did it become unmaintained?? my understanding is that it has been /the/ tool to use to put snort U2 logs into databases for several years...
> > in any case, thanks for the heads up... i'll stop recommending it if it is not the Talos recommended tool to use...
> AFAIK, It's still the tool, and works just fine. Just because it hasn't been updated in awhile doesn't mean it doesn't still work. But we are aware that it hasn't been updated in awhile
> --
> *Joel Esler*
> Manager Open Source, Design, Web, and Education
> Talos Group
> http://www.talosintelligence.com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
-- The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.