Snort mailing list archives

Re: logging when the connection to MySQL is lost


From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 11 Oct 2002 13:15:46 -0700 (PDT)

On Thu, 10 Oct 2002, Hubert Karlch wrote:

> simple question, what happens when I configure snort to use the
> database-output for mySQL and the connection to the mySQL-Server is lost, because of:
> a) when logging local mySQL crashes
> b) when logging over a network a problem with the network occurs
> c) when using stunnel to encrypt the traffic between snort and mySQL stunnel
> crashes
>
> Are these alerts lost or are they stored somewhere local on the
> snort-sensor?

It depends on your setup.  You can have it output to more than one output
method....

From what you are describing, I would suggest to log to unified and use
Barnyard to read files and send it to the db.  When using BY, snort does not
connect to the DB, BY does.  If it can't connect, it spools data until it can.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
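
The spool-and-forward arrangement recommended in the reply above, as a simplified model added here (it is not Snort's or Barnyard's code and not part of the original message). The JSON-lines spool, the bookmark file, `FlakyDB` and all function names are assumptions made for illustration; the real unified format is binary.

```python
import json, tempfile
from pathlib import Path

class DatabaseDown(Exception): pass

class FlakyDB:
    """Constructed stand-in for the MySQL server (not a real driver)."""
    def __init__(self):
        self.up, self.rows = True, []
    def insert(self, alert):
        if not self.up:
            raise DatabaseDown("connection lost")
        self.rows.append(alert)

def sensor_write(spool, alert):
    """Sensor side: append to a local spool file; never talks to the DB."""
    with open(spool, "a") as f:
        f.write(json.dumps(alert) + "\n")

def forward(spool, bookmark, db):
    """Forwarder side: deliver records past the bookmark; return count sent."""
    offset = int(bookmark.read_text() or 0) if bookmark.exists() else 0
    sent = 0
    with open(spool, "rb") as f:
        f.seek(offset)
        while True:
            line = f.readline()
            if not line.endswith(b"\n"):
                break  # end of spool, or a record still being written
            try:
                db.insert(json.loads(line))
            except DatabaseDown:
                break  # leave the record spooled and retry on the next pass
            offset, sent = f.tell(), sent + 1
    bookmark.write_text(str(offset))  # persist progress: a restart does not resend
    return sent

def demo():
    d = Path(tempfile.mkdtemp())
    spool, mark = d / "alerts.spool", d / "bookmark"
    db = FlakyDB()
    sensor_write(spool, {"sid": 1, "msg": "constructed alert"})
    first = forward(spool, mark, db)      # DB up: delivered immediately
    db.up = False                         # outage: cases a) to c) in the question
    for sid in (2, 3):
        sensor_write(spool, {"sid": sid, "msg": "constructed alert"})
    during = forward(spool, mark, db)     # nothing sent, nothing dropped
    db.up = True
    after = forward(spool, mark, db)      # backlog drains in order
    return first, during, after, [r["sid"] for r in db.rows]
```

Because the sensor only ever writes to local disk, a database, network or tunnel failure delays delivery instead of dropping alerts; the remaining limit is free space on the sensor.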


