Database output

[Erwin Van de Velde <erwin.vandevelde () ua ac be>]

Hi,

I'm using a postgresql database to store the output of my snort sensors, but 
what happens if the database is temporarily unavailable (for instance, 
connecting fails due to a heavy load on network / database)? Does snort keep 
the queries for sending when database connectivity is restored? Or are these 
queries dropped? 
In my opinion, storing these queries temporarily is the safest solution, as we 
must certainly log data when a severe attack on our network takes place... 
And then chances are bigger that we can't connect to the database 
immediately.
And does snort open a database connection for every query it sends? Or is 
there some sort of persistent connection (for example one that times out 
after 1 minute of inactivity, closing the connection then)...
I'd like to use SSL connections to the database, using stunnel, but opening a 
connection for every query would have severe consequences for network and 
server.

Thanks in advance,

Erwin Van de Velde
Student of Antwerp University
Belgium



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users