[Snort-users] Snort and M$ Access?????

Onie Camara neil at ...4898...
Fri Feb 8 11:27:20 EST 2002


Take a look at www.unixodbc.org

----- Original Message -----
From: "Graham, Randy (RAW) " <RAW at ...4721...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, February 08, 2002 12:58 PM
Subject: [Snort-users] Snort and M$ Access?????


> Sorry, but I'm forced to ask this...
>
> I have recently gotten Snort 1.8.3 running with mysql and ACID 0.9.6b19 on
a
> couple of RedHat 7.2 boxen (I know, Marty - I'm working on learning *BSD
> well enough to correct the error of my ways).  Everything is working
great,
> and I love it.  Today, the bosses come to me and ask if we can make Snort
> output to an Access database instead.  Knowing where this is going, I try
to
> fend it off by telling a little lie about what databases Snort supports
> (mysql and postgres only).  So, they ask about dumping the mysql database
> info into an Access file or flat text so Access can read it in.
Apparently,
> they want to store the data on our "more secure" Win2k server.  Keep in
mind
> that these are the same people who won't let me use open source software
> because someone might have compiled a trojan in to the source I'm
> downloading...
>
> Anyway, what I really need to know is, does there exist some tool that
will
> allow for "easy" (meaning little work for me, and I don't care how much
work
> for others) migration/transport of the mysql database info from my Linux
> machine to their Win2K box?  If so, does there exist a tool to pull that
> info back out in a usable format - something comparable to ACID or
> SnortSnarf?
>
> I don't even know what else to ask, because I'm still flat on my back from
> effectively being told that my Linux machine (which only has ssh and the
> stunnel connection for mysql input from other sensors open) is not as
secure
> as their Win2K machine (which acts as the department print and file
server,
> and had IIS running unbeknownst to our admin for 6+ months until we
> discovered it in a routine scan before Christmas).  As I understand more
> what the bosses want, I may be back with more questions.
>
> Oh yea, and I may be slightly biased against the M$ based solution, but if
> someone can show me a good way to do this with an M$ OS and an M$
database,
> I'll at least seriously consider it.
>
> Randy Graham
> --
> The Internet?  Bah!  Is that thing still around?  -- Homer Simpson
> http://www.securitynewbie.com/ - for people like me
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list