Re: Snort logs to MySQL

[Abdullah AL-Mutairy <abohabeeb1412 () gmail com>]

Thanks guys!

But what if i want to use an older version of snort (ex: snort 2.3) that support logging directly to MySQL DB .. just 
for testing purposes not for production.
Is there much deferences between 2.9 and 2.3? Or just few bug fixes?

I tried to use barnyard but i couldn't make it work as it needs some compiler, i tried to compile and but couldn't make 
it work too! (Bad luck i guess -_-) 

Why do you need a third party tool just to copy the logs? Wouldn't be better if there some process or optional service 
inside snort that copy or export logs?

I just want to perform some experiments of snort as a signature-based IDS.

Sorry for the too many questions!
I really appreciate your help :)

. . . . . 

> On Jan 28, 2017, at 10:55 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
>
> Waldo is 100% correct.  
>
> --
> Sent from my iPhone
>
> > > On Jan 28, 2017, at 1:52 PM, "wkitty42 () windstream net" <wkitty42 () windstream net> wrote:
> > >
> > > On 01/27/2017 12:57 PM, Abdullah AL-Mutairy wrote:
> > >
> > > Hello everyone!
> > >
> > > I'm wondering why snort developers stopped supporting logging to SQL database
> > > directly? I know i can use barnyard2 to log into SQL DB .. but isn't it better
> > > if snort just logs to SQL directly?
> >
> > no... if the database is not available or there is a problem, snort would hang 
> > waiting on the connection to clear and return... that hang lead to traffic being 
> > missed... it is best if snort just write to its logs and let something else 
> > worry about pharting about with some database mess ;)
> >
> >
> > -- 
> > NOTE: No off-list assistance is given without prior approval.
> >       *Please keep mailing list traffic on the list* unless
> >       private contact is specifically requested and granted.
> >
> > ------------------------------------------------------------------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!