RE: Feature Request?

[Kevin Brown <Kevin.M.Brown () asu edu>]

I haven't looked at the latest stuff in cvs.  Current version I'm running
is:

bash-2.03# /usr/local/bin/snort -V

-*> Snort! <*-
Version 1.8-beta5 (Build 24)
By Martin Roesch (roesch () clark net, www.snort.org)

I just checked out the new version from cvs and will give it a try (new db
schema to implement) and see if the new schema also improves the speed of
the db when it gets to > 1GB.

-----Original Message-----
From: Dragos Ruiu [mailto:dr () kyx net]
Sent: Monday, July 02, 2001 10:33
To: Kevin Brown; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Feature Request?


I dunno if it's a new feature request.... Marty's excellent new "barnyard"
output system might achieve this already, and if not it will make building
this in easy.  Have you looked at the cvs code?

--dr


On Mon, 02 Jul 2001, Kevin Brown wrote:
> I was wondering how hard it might be to implement something within snort
as
> part of the logging features.  The snort box that I run here connects to a
> remote database to log alerts.  The problem is that for various reasons
> (firewall crashing, servers being rebooted, etc...) snort looses
connection
> with the SQL db and then the snort process dies.  A possible feature that
> could be useful for others who might be in a similar situation would be
some
> way to cache the inserts until such a time as the server comes back online
> and then the data could be sent.  This would be good as there wouldn't be
a
> repeat of what happened this last week when I went on vacation and no one
> else checked on the snort box after the firewall locked up (the firewall
> sits between our 6 servers and the rest of the world, the snort box is out
> near the edge of the network).
>
> Begin Geek Code;
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c
> ^=(
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%
> 16
-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$
> h
=5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
>
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
> $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
> (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the
future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users