Re: Upgrading from Snort v2.3.2 to 2.8.3.1

[Ian Masters <ian () acces co jp>]

Joel

> Ian, I suggest that you output to unified.  Then use a third party tool, 
> like Barnyard or SnortUnified.pm to parse the Unified file and insert 
> into the db.  Inserting into the DB directly from Snort, is bad.

Can you tell me why it is "bad"? That is the way our system was set up a
few years ago. There haven't been any problems that I'm aware of.

If it would be better to do as you suggest, I'll need to do that on a
test system first.

That might take quite some time.

-- 
Snort v2.3.2 on various *nix; ACID v0.9.6b23


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users