Snort mailing list archives

Re: Is there not a database schema in Snort Source for Snort?


From: waldo kitty <wkitty42 () windstream net>
Date: Sun, 14 Sep 2014 13:10:41 -0400

On 9/14/2014 12:02 AM, Jutichai Thongkrachai wrote:
> Hello,
> I'm just curious
>
> I am trying to set up Snort with Barnyard2 and Snorby as in this link:
> http://monkeyadmin.blogspot.com/2010/09/installing-snort-mysql-and-snorby-on.html

that tutorial is 4 years old...

> I got as far as the step that adds the schema to the snort database, but there
> is no file that contains a bunch of SQL commands to create a schema in my Snort
> source directory ( /usr/local/src/snort-2.9.6.2)

i'm going to make an eWAG that the tutorial is operating on the assumption that 
snort talks to databases... back then it may have done so but there were 
numerous problems so the task of placing alerts into a database was removed and 
delegated to other tools... the main thing that this did was to enable snort to 
concentrate on snorting the network traffic instead of having to deal with 
database problems...

the solution is to use a tool like barnyard2 to read snort generated binary 
unified2 files and have barnyard2 put those alerts into the database for other 
tools like snorby to read and process...

in short, find another tutorial that uses barnyard2 with snort and snorby... 
preferably one that is less than 2 years old... i say two years because it has 
been at least that long since snort stopped talking to databases, IIRC...

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
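
Added example, not part of the original post and not barnyard2's own code: a minimal Python reader for the binary unified2 records mentioned in the reply, showing the alert fields a spooler such as barnyard2 extracts before writing them to a database. The record layout (8-byte big-endian header, 52-byte IPv4 event body for record types 7 and 104) is assumed from Snort 2.9's unified2 format; the function names and the sample bytes are constructed here.

```python
import io
import socket
import struct

# unified2 record: 8-byte header (type, length), both big-endian uint32.
HEADER = struct.Struct(">II")
# Fields shared by IPv4 event records: type 7 (legacy) and type 104 (which adds
# MPLS/VLAN fields after these 52 bytes; this example ignores them).
EVENT = struct.Struct(">9I4s4sHHBBBB")
IPV4_EVENT_TYPES = {7, 104}


def read_events(stream):
    """Yield one dict per IPv4 alert record; skip packet/extra-data records."""
    while True:
        head = stream.read(HEADER.size)
        if not head:
            return                      # clean end of file
        if len(head) < HEADER.size:
            raise ValueError("truncated record header")
        rtype, length = HEADER.unpack(head)
        body = stream.read(length)
        if len(body) < length:
            # e.g. the spool file is still being written
            raise ValueError("truncated record body")
        if rtype not in IPV4_EVENT_TYPES or length < EVENT.size:
            continue
        f = EVENT.unpack_from(body)
        yield {
            "sensor_id": f[0], "event_id": f[1], "timestamp": f[2],
            "sid": f[4], "gid": f[5], "rev": f[6], "priority": f[8],
            "src": socket.inet_ntoa(f[9]), "dst": socket.inet_ntoa(f[10]),
            "sport": f[11], "dport": f[12], "proto": f[13],
        }


def build_sample():
    """Constructed input: one type-7 alert followed by a type-2 packet record."""
    event = EVENT.pack(0, 1, 1410714641, 0, 1000001, 1, 1, 0, 2,
                       socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.5"),
                       51515, 80, 6, 0, 0, 0)
    packet = b"\x00" * 12
    return (HEADER.pack(7, len(event)) + event +
            HEADER.pack(2, len(packet)) + packet)


if __name__ == "__main__":
    for alert in read_events(io.BytesIO(build_sample())):
        print(alert)
```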
