Snort mailing list archives
Re: Diagnosing MySQL server has gone away messages
From: Jason <security () brvenik com>
Date: Thu, 23 Aug 2007 01:32:37 -0400
bleh wrote:
Your attacks aren't going to work. Your argument is flawed.
well, the game is entirely different then. let's engage in more meaningless banter. [...]
There is absolutely no advantage to writing to the DB directly from the engine. How are you doing your job effectively while wasting time being pedantic? Who says I was wasting time? Again you make assumptions not only as to what my environment is but also as to what hours I work.
no, I make assumptions, based on experience, that your assertion that direct DB writes from the engine have some value is absolutely incorrect. [...]
Exactly. You're *trying* to tell me about my car, of which you know nothing about, and are only making assumptions.
well, it seems that the car you are driving is Snort. Feel free to take your Toyota to the dealer and tell them it is designed wrong, I bet you are met with similar distrust in your assessment. [...]
The numbers speak for themselves. I have a large testbed with a nice mix of traffic (from avalanche, reflector, smartbits, metasploit, canvas, threatx and live traffic just to name a few) at hundreds of megs per second with no issues writing to a DB, dropping packets or missing events (comparing against an equivalent system using unified2 / flop watching the same traffic). So what am I going to believe? Physical proof or FUD? I'm going with physical proof.
This is moderately interesting. What processors? What network cards? What configuration, db local, not? How much traffic? What mix? ... All you have managed to state is that you have created a moderately performing snort install that has a lot of test gear handling your contrived cases. $ 4 $, unified output will win every time, in every case, in every way.
Since you did not provide what config, preprocessors, rules, hardware and OS we should all be running on does this mean you don't think one size fits all? Or, is that the one thing you aren't willing to make an assumption about?
It means that the position you chose to take is provably incorrect. You have realized this and instead of admitting it attempted to deflect with more conjecture. Please let me be clear one last time. There is absolutely no valid reason to choose direct DB writes over unified spooling. Your continued participation in the conversation without any actual evidence of a valid reason is proof. Attempt to deflect and muddy the waters all you want, you are wrong, have been from the start, and apparently will be until you get a new anonymous mail address. Simple is the man that hides himself instead of representing his beliefs openly.