[Snort-users] PostgreSQL vs MySQL?

Jesus Couto jesus.couto at ...3830...
Tue Oct 16 04:40:16 EDT 2001


I'm trying to decide what database backend to use for a "lightweight"
IDS running snort. Basically, the idea is that the machine should not
use a lot of disk, but log everything to the database.

Initially, my thoughs were "well, PostgreSQL supports transactions,
so maybe its safer to use", but looking at the log of whats do a live Snort
writes to a PostgreSQL database, I see that it makes a transaction for
every single insert in every single table, not a transaction for the whole
set of inserts that make an event.

So, my questions are:

1) Why? I mean, there are technical reasons why what I'm asking is not
practical/useful, or is this just product of supporting MySQL and PostgreSQL
and going for the lowest common factor (no transactions), or its just 
that the
only risk is having "incomplete" events in the database (say, headers 
but not
payload, or something like that), and that was not considered relevant?

2) Any plans to do it that way with Barnyard?

3) Any plans to do it at all?

Thanks in advance,

            Jesús Couto F.

More information about the Snort-users mailing list