[Snort-users] snort and ACID

Kevin.Brown at ...1022... Kevin.Brown at ...1022...
Wed Jan 31 01:58:39 EST 2001


Running the version of snort 1.7 from the release (post beta), logging to a
remote db.  I may just recompile snort from source after upgrading the rpms on
both boxen.  I only work three days a week due to other issues taking up my
time (college degree), so I basically work on this in my spare time.  I did
disable the annoying rule regarding "TTL exceeded in transit" for icmp packets
as it was accounting for FAR too many alerts relative to anything else.

> Assuming that you are already running (and logging) with snort 1.7b0+,
> there should be no DB layout change.  In reference to the rpm of MySQL
> 3.22.32, it should be a clean upgrading as long as the existing DBs don't
> get moved/deleted (I believe you should be ok).
> 
> Roman
> 
> 
> On Tue, 30 Jan 2001 Kevin.Brown at ...1022... wrote:
> 
> > Are there any issues I should look out for when it comes to upgrading
> MySQL
> > from 3.22.32 to 3.23.32.  Like changes to the database layout or could I
> just
> > stop mysqld, rpm -Uvh to the new version and start it back up?
> >
> > > > Just a warning.  You may want to set up replication on the database
> as the
> > > > sensors will hang while you run queries on the database.  According
> to the
> > > > developers they are working on fixing this in a future version of
> snort
> > > > (hopefully in 2.x).  I'm trying to find a way to do two way
> replication so I
> > > > can use ACID to maintain the database.
> > >
> > > Right, I confirm. I am experimenting replication just for that reason
> !
> > > You have to install MySQL 3.23, which comes with replication features,
> including
> > > the ability to build smart architectures with dedicated server for
> SELECT
> > > queries and other for INSERT.
> > > Seems t owork, but I have to experiment a little further.
> > >
> > > Guillaume.
> > >
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > http://lists.sourceforge.net/lists/listinfo/snort-users
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> 





More information about the Snort-users mailing list