Snort mailing list archives
Re: Is there not a database schema in Snort Source for Snort?
From: waldo kitty <wkitty42 () windstream net>
Date: Sun, 14 Sep 2014 13:10:41 -0400
On 9/14/2014 12:02 AM, Jutichai Thongkrachai wrote:
> Hello, I'm just curious I try to set up Snort with Barnyard2 and Snorby as this links:
> http://monkeyadmin.blogspot.com/2010/09/installing-snort-mysql-and-snorby-on.html
that tutorial is 4 years old...
> I do until the step that add the schema to the snort database but there is not a file that contain a bunch of sql command to create a schema at my Snort source directory (/usr/local/src/snort-2.9.6.2)
i'm going to make a eWAG that the tutorial is operating on the assumption that snort talks to databases... back then it may have done so but there were numerous problems so the task of placing alerts into a database was removed and delegated to other tools... the main thing that this did was to enable snort to concentrate on snorting the network traffic instead of having to deal with database problems...

the solution is to use a tool like barnyard2 to read snort generated binary unified2 files and have barnyard2 put those alerts into the database for other tools like snorby to read and process...

in short, find another tutorial that uses barnyard2 with snort and snorby... preferably one that is less than 2 years old... i say two years because it has been at least that long since snort stopped talking to databases, IIRC...

--
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.
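The split the reply describes, a separate process reading Snort's unified2 output and inserting alerts into a database, sketched as an added example (not barnyard2's code and not part of the original message). It assumes the unified2 record layout from the Snort manual, handles only the legacy IPv4 event record (type 7), and uses an in-memory SQLite table with a made-up layout in place of the real schema.

```python
import socket
import sqlite3
import struct

# Unified2 layout per the Snort manual: each record starts with an 8-byte
# header (type, length); all integers are in network byte order.
RECORD_HEADER = struct.Struct("!II")
IDS_EVENT_TYPE = 7                      # legacy IPv4 event record
IDS_EVENT = struct.Struct("!11I2H4B")   # 52 bytes
FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
          "signature_id", "generator_id", "signature_revision",
          "classification_id", "priority_id", "ip_source", "ip_destination",
          "sport_itype", "dport_icode", "protocol", "impact_flag", "impact",
          "blocked")

def read_events(data):
    """Yield one dict per IPv4 event record; skip every other record type."""
    offset = 0
    while offset + RECORD_HEADER.size <= len(data):
        rtype, length = RECORD_HEADER.unpack_from(data, offset)
        offset += RECORD_HEADER.size
        if offset + length > len(data):
            break  # Snort is still writing this record; pick it up next pass
        body, offset = data[offset:offset + length], offset + length
        if rtype == IDS_EVENT_TYPE and length >= IDS_EVENT.size:
            event = dict(zip(FIELDS, IDS_EVENT.unpack_from(body)))
            for key in ("ip_source", "ip_destination"):
                event[key] = socket.inet_ntoa(struct.pack("!I", event[key]))
            yield event

def spool_to_db(data, db):
    """Insert events into a hypothetical one-table layout (not the real schema)."""
    db.execute("CREATE TABLE IF NOT EXISTS alert (gid, sid, rev, src, dst, ts)")
    rows = [(e["generator_id"], e["signature_id"], e["signature_revision"],
             e["ip_source"], e["ip_destination"], e["event_second"])
            for e in read_events(data)]
    db.executemany("INSERT INTO alert VALUES (?, ?, ?, ?, ?, ?)", rows)
    return len(rows)

# Constructed sample: one event record followed by a packet record (type 2).
SAMPLE = (RECORD_HEADER.pack(IDS_EVENT_TYPE, IDS_EVENT.size)
          + IDS_EVENT.pack(1, 1, 1410714641, 0, 1000001, 1, 2, 0, 3,
                           0xC0A8010A, 0x0A000005, 49152, 80, 6, 0, 0, 0)
          + RECORD_HEADER.pack(2, 4) + b"\x00" * 4)

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(spool_to_db(SAMPLE, conn), conn.execute("SELECT * FROM alert").fetchall())
```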