Snort mailing list archives

Re: Can you simply merge separate Snort SQL databases?


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 2 May 2002 15:53:58 +1200

On Wed, May 01, 2002 at 09:20:15AM -0700, David E. Wach wrote:
> One problem you'll have is that Snort dynamically adds entries into
> several tables as it sees events (reference, reference_system,
> sig_class, sig_reference, and signature).  If you pull data into a
> central database your events will reference bogus data.

Gah! That sounds nasty. I wonder, could you fake it? i.e. pull over the
unique data, and then regenerate all the reference table data? 

It seems to me that this sort of central DB is the one thing you can
slash-and-burn on demand - all the "live" DB servers should be left alone if
possible...

-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
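
The problem and the "regenerate the reference data" idea discussed in this message, as an added example that is not part of the original post and not Snort code. It assumes a simplified two-table stand-in for the Snort schema (only `signature` and `event`, minimal columns), constructed rule names, and hypothetical helper names.

```python
import sqlite3

# Simplified stand-in for two of the tables named in the thread (assumption:
# minimal columns only; the real Snort schema has more tables and fields).
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, ts TEXT,
                    PRIMARY KEY (sid, cid));
"""

def make_db(signatures, events):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?)", signatures)
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", events)
    return db

def merge_sensor(central, sensor_db, central_sid):
    """Copy one sensor database into central, rewriting signature ids."""
    remap = {}
    # Assumption: sig_name alone identifies a rule; key on more columns if not.
    for local_id, name in sensor_db.execute("SELECT sig_id, sig_name FROM signature"):
        row = central.execute(
            "SELECT sig_id FROM signature WHERE sig_name = ?", (name,)).fetchone()
        if row is None:
            cur = central.execute(
                "INSERT INTO signature (sig_name) VALUES (?)", (name,))
            remap[local_id] = cur.lastrowid
        else:
            remap[local_id] = row[0]
    for cid, sig, ts in sensor_db.execute("SELECT cid, signature, ts FROM event"):
        central.execute("INSERT INTO event VALUES (?, ?, ?, ?)",
                        (central_sid, cid, remap[sig], ts))
    central.commit()
    return remap

def event_names(db):
    return db.execute(
        "SELECT e.sid, e.cid, s.sig_name FROM event e "
        "JOIN signature s ON s.sig_id = e.signature ORDER BY e.sid, e.cid").fetchall()

def demo():
    # Constructed data: both sensors assigned sig_id 1, but to different rules.
    a = make_db([(1, "ICMP PING"), (2, "SCAN nmap")], [(1, 1, 1, "t1"), (1, 2, 2, "t2")])
    b = make_db([(1, "SCAN nmap"), (2, "WEB-IIS cmd.exe")], [(1, 1, 1, "t3"), (1, 2, 2, "t4")])
    central = make_db([], [])
    merge_sensor(central, a, central_sid=1)
    remap_b = merge_sensor(central, b, central_sid=2)
    return remap_b, event_names(central)
```

Copying sensor B's rows unchanged would label its first event "ICMP PING"; with the remap it keeps the name the sensor recorded, and the live sensor databases are only read, never modified.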
