Snort mailing list archives
Re: mysql support is not compiled into this build of snort
From: Marcin Dulak via Snort-users <snort-users () lists snort org>
Date: Sat, 7 Apr 2018 22:13:42 +0200
On Sat, Apr 7, 2018 at 9:20 PM, <wkitty42 () windstream net> wrote:
> On 04/07/2018 04:41 AM, 2014/2015 - Nsabimana Thierry wrote:
>> Could you please help me to overcome this issue?
>
> 1. please don't bold your lines in your posts... we can see and read them quite easily ;)
>
> 2. as Al noted, snort 2.6 is very old and out of date... snort no longer talks directly to the databases like it once did... there were too many situations that would cause snort to miss traffic (eg: the database was down)... snort would get hung up on the database stuff and simply miss traffic... so the database code was ripped out and snort only writes to its log files... now you use a tool like barnyard2
https://github.com/firnsy/barnyard2 is not maintained. You may want to try barnyard2 anyway or look at https://lists.snort.org/pipermail/snort-users/2018-March/071164.html which uses https://github.com/jasonish/py-idstools to convert snort log into json, and write that into mysql.

Once at that you may also push the logs into elasticsearch instead and check whether snort is supported by modern alert management systems like https://evebox.org/ or https://github.com/dunbarcyber/cyphon. People report using elasticsearch for storing snort logs https://www.arl.army.mil/www/default.cfm?technical_report=7965, it just needs to be better documented to become mainstream.

Marcin
> to take the data from snort's U2 log files and put it into the database... this separates the sniffing from the database insertions... then you can go from there doing your database thing with the alert data...
>
> --
> NOTE: No off-list assistance is given without prior approval.
> *Please keep mailing list traffic on the list unless*
> *a signed and pre-paid contract is in effect with us.*

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
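The conversion step Marcin points at (py-idstools reading Snort's unified2 files and emitting JSON for a database or elasticsearch) comes down to walking the binary records. As an added example that is not part of this thread and is not py-idstools or barnyard2 code, here is a minimal Python reader for the legacy IPv4 IDS event record (unified2 record type 7) that emits one JSON document per alert; the record layout follows Snort's unified2 format, while the JSON field names and the sample record are this example's own construction.

```python
import json
import socket
import struct

# Snort unified2 record header: type and length, both big-endian uint32.
RECORD_HEADER = struct.Struct("!II")
# Record type 7 = Unified2IDSEvent_legacy: an IPv4 alert without VLAN/MPLS fields.
UNIFIED2_IDS_EVENT = 7
IDS_EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")  # 52 bytes, no padding
IDS_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)


def iter_records(data):
    """Yield (type, payload) per complete record; a truncated trailing
    record (Snort may still be writing it) is left unread."""
    offset = 0
    while offset + RECORD_HEADER.size <= len(data):
        rec_type, rec_len = RECORD_HEADER.unpack_from(data, offset)
        offset += RECORD_HEADER.size
        if offset + rec_len > len(data):
            break
        yield rec_type, data[offset:offset + rec_len]
        offset += rec_len


def event_to_dict(payload):
    """Decode a type-7 payload into a dict with dotted-quad addresses."""
    event = dict(zip(IDS_EVENT_FIELDS, IDS_EVENT.unpack_from(payload)))
    for key in ("ip_source", "ip_destination"):
        event[key] = socket.inet_ntoa(struct.pack("!I", event[key]))
    return event


def unified2_to_json_lines(data):
    """One JSON document per IDS event; packet and extra-data records are skipped."""
    return [json.dumps(event_to_dict(p), sort_keys=True)
            for t, p in iter_records(data) if t == UNIFIED2_IDS_EVENT]


# Constructed sample: sid 1:2000 rev 3, TCP 10.0.0.5:40000 -> 192.0.2.10:22.
SAMPLE_EVENT = IDS_EVENT.pack(1, 42, 1523131200, 123456, 2000, 1, 3, 4, 2,
                              0x0A000005, 0xC000020A, 40000, 22, 6, 0, 0, 0)
SAMPLE_U2 = RECORD_HEADER.pack(UNIFIED2_IDS_EVENT, len(SAMPLE_EVENT)) + SAMPLE_EVENT
```

Feeding a real spool file means reading it incrementally and resuming after the last complete record, which is exactly what py-idstools' spool readers handle for you; each JSON line can then be inserted into mysql or indexed in elasticsearch as-is.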