Snort mailing list archives
Re: Feature Request?
From: Dragos Ruiu <dr () kyx net>
Date: Mon, 2 Jul 2001 10:32:53 -0700
I dunno if it's a new feature request.... Marty's excellent new "barnyard" output system might achieve this already, and if not it will make building this in easy. Have you looked at the cvs code? --dr On Mon, 02 Jul 2001, Kevin Brown wrote:
I was wondering how hard it might be to implement something within snort as part of the logging features. The snort box that I run here connects to a remote database to log alerts. The problem is that for various reasons (firewall crashing, servers being rebooted, etc...) snort looses connection with the SQL db and then the snort process dies. A possible feature that could be useful for others who might be in a similar situation would be some way to cache the inserts until such a time as the server comes back online and then the data could be sent. This would be good as there wouldn't be a repeat of what happened this last week when I went on vacation and no one else checked on the snort box after the firewall locked up (the firewall sits between our 6 servers and the rest of the world, the snort box is out near the edge of the network). Begin Geek Code; $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c ^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_% 16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$ h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^ $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^ (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Dragos Ruiu <dr () dursec com> dursec.com ltd. / kyx.net - we're from the future gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Feature Request? Kevin Brown (Jul 02)
- Re: Feature Request? Dragos Ruiu (Jul 02)
- Re: Feature Request? Chris Green (Jul 02)
- <Possible follow-ups>
- RE: Feature Request? Kevin Brown (Jul 02)
- RE: Feature Request? Kevin Brown (Jul 02)