Re: snort and mysql5 losing db connection

[Jason Brvenik <jasonb () sourcefire com>]

Both.

Bamm Visscher wrote:
> Jason,
>
> Is this for unified alert, log, or both?
>
> Bammkkkk
>
>
> On 6/14/07, Jason Brvenik <jasonb () sourcefire com> wrote:
>   
> > Interesting that this topic comes up.
> >
> > I wrote a perl module for handling unified files for just these reasons
> > (and many more) it currently lives at:
> >
> > http://cerberus.sourcefire.com/~jbrvenik/unified_perl
> >
> > It fully handles unified files and is portable across platforms and
> > handles big/little endian issues and 64bit unified files too.
> >
> > It would not take much work to make the db code a direct replacement for
> > barnyard.
> >
> > http://cerberus.sourcefire.com/~jbrvenik/unified_perl/ufdbtest.pl
> >
> > So... some questions for the community.
> >
> > - What is the interest in having a direct barnyard replacement?
> > - Anyone interested in taking a stab at it?
> > - What other capabilities are desired (I know you want ppp support, Richard)
> > - Anyone want to take up documenting it?
> >
> >
> >
> >
> >
> > Jeff Dell wrote:
> >     
> > > Richard,
> > >
> > > I couldn't agree with you more, but I think this is partially to do with
> > > barnyard and not the users. Here are a few reasons why I think this is
> > > happening...
> > >
> > > o. Barnyard hasn't been updated in 3 years. It could be thought that
> > > something this old is no longer supported. (I know it is stable and
> > > working.. so no need to upgrade)
> > > o. Barnyard isn't available on snort.org as a binary package which makes it
> > > harder for some people to install.
> > > o. Not supported on all OS's. one being Windows.
> > > o. The barnyard email list gets more spam then real email.
> > > o. Lack of documentation how to install snort with barnyard. Even in the
> > > online manual at snort.org doesn't talk about how to do this.
> > >
> > > I would bet that most people don't use barnyard even though Snort should not
> > > be used without it.
> > >
> > > Cheers,
> > > Jeff
> > >
> > > -----Original Message-----
> > > From: snort-users-bounces () lists sourceforge net
> > > [mailto:snort-users-bounces () lists sourceforge net] On Behalf Of Richard
> > > Bejtlich
> > > Sent: Thursday, June 14, 2007 9:41 AM
> > > To: j.greg.k () gmail com; snort-users () lists sourceforge net
> > > Subject: Re: [Snort-users] snort and mysql5 losing db connection
> > >
> > > Greg King wrote:
> > >
> > >       
> > > > Another thread back in 2005 mentioned to use barnyard and not the sql
> > > > connector. That is not an option for base and probably would fail with
> > > >         
> > > aanval
> > >       
> > > > users as well.
> > > >         
> > > Why is Barnyard not an option for BASE users?  Using Barnyard is your
> > > best option.  Direct logging from Snort to MySQL has been a bad idea
> > > for about six years now, but like SQL Slammer it seems to always be
> > > with us...
> > >
> > > Sincerely,
> > >       


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users