[Snort-devel] Snort.org Blog: Snort 2.9.1 beta coming soon!

Joel Esler jesler at ...402...
Wed Jun 15 22:44:17 EDT 2011


I'll put out a blog post closer to the next release targeting what output methods will remain and which ones will be depreciated.  

Firnsy -- For now, the sql files are in the contrib/ directory of the Snort tarball if you want to go ahead and grab those.  

Joel


On Jun 15, 2011, at 10:26 PM, Steven Sturges wrote:

> To allow users time to transition, we'll add some warnings about
> the database output plugin in Snort being deprecated in a future
> release, just as we've done with other deprecated features before
> they are removed.  From there, we'd plan to fully remove support
> with the following (3 digit) release.
> 
> The schema files (mysql, MS SQL, Oracle, Postgres, DB2) will be
> maintained external to Snort.
> 
> The idea is to make unified2 the primary logging mechanism for
> binary data.  We would still keep tcpdump/pcap.
> 
> This will simplify the build process for Snort for everyone, as
> well as minimizing our required testing coverage.
> 
> Cheers.
> -steve
> 
> On 6/15/11 2:20 PM, Joel Esler wrote:
>> Steve -- Can you chime in here with what we discussed yesterday in your office?
>> 
>> Joel
>> 
>> On Jun 15, 2011, at 8:54 AM, firnsy wrote:
>> 
>>> On 15/06/11 07:07, Joel Esler wrote:
>>>> On Jun 14, 2011, at 2:59 PM, Randal T. Rioux wrote:
>>>>> On 6/14/2011 11:19 AM, Joel Esler wrote:
>>>>>> So is the barnyard2 project willing to take over maintenance of the sql
>>>>>> schema totally?  We'd like to remove it from the Snort tarball along
>>>>>> with the direct-to-db output method.
>>>>> 
>>>>> I'll chime in and say yes - whether it be firnsy, myself, etc.
>>>>> 
>>>>> I started this for my own project a couple years ago and have wanted to
>>>>> do this for a while!
>>>> 
>>> 
>>> I'll second Randy here and say yes the barnyard2 project is willing to
>>> take over maintenance of the schema in its entirety.
>>> 
>>>> Roger.  Let us talk over some things internally about how we are going to handle this, and in what versions.  I'll ping you back.
>>>> 
>>> 
>>> Sure, we can discuss this further offline when you have more details of
>>> how you want to handover.
>>> 
>>> Regards,
>>> firnsy
>> 
>> 
>> ------------------------------------------------------------------------------
>> EditLive Enterprise is the world's most technically advanced content
>> authoring tool. Experience the power of Track Changes, Inline Image
>> Editing and ensure content is compliant with Accessibility Checking.
>> http://p.sf.net/sfu/ephox-dev2dev
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>> 





More information about the Snort-devel mailing list