Re: Load snort alert to database without barnyard2

[wkitty42 () windstream net]

On 02/20/2017 02:26 PM, Paul Li wrote:
> My use cases of Snort don't generate u2 log files very time: some time it
> generates .log log files. But I still need load all the alerts to database.
> Looks like after Snort 2.9.3, the database plugin is removed. Wondering is there
> any other ways to load alerts to database without using Barnyard2?

without using barnyard2? no... not that *i'm* aware of... you could write your 
own U2 parser and use that to populate your database... see? here's the thing... 
the reason that the snort direct database thing was abandoned was because if 
there was a problem reaching the database or writing to it, snort would hang and 
miss processing traffic... by getting rid of that task, snort has more time to 
monitor and analyze the network traffic... it can write to the U2 log as long as 
t wants to... then it is up to another tool, like barnyard2 or your own 
concoction, to handle the reading of the U2 and importing it into the database 
in its own time... all without stopping snort...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!