Re: DB Rules

[Chris Green <cmg () uab edu>]

Tom Sevy <tsevy () epx com> writes:

> I wouldn't really be in favor of putting the rules into a DB.  Just my
> opinion, but I don't think it adds value to the program.  Nice?  Yes, maybe.
> I think this could be achieved with rsync though.

Changing large sets of rules at once without coming up with a kludge
of a regex that I hope I get right is what I wish for.
> Going off-track from snort itself, does anyone know of an Open Source
> message queue?  We had in-house apps that suffered the same problem
> (dependent upon connection to DB/SQL Server) and we solved it by putting a
> message queue between the App(s) and the database.  So if this is really a
> problem (snort hangs when blocked in DB output) then it might be resolved by
> an output plugin that writes to a message queue, then another process that
> reads the message queue and inserts to the DB.  If there is a block in the
> DB, then the writing process will wait, but snort keeps going.

This is what barnyard will be in a way ( write to disk then have spo's
write to whatever output format you wish ).
-- 
Chris Green <cmg () uab edu>
"I'm beginning to think that my router may be confused."

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users