[Snort-users] Snort and M$ Access?????
erek at ...577...
Fri Feb 8 11:35:03 EST 2002
On Fri, 8 Feb 2002, Graham, Randy (RAW) wrote:
> Sorry, but I'm forced to ask this...
Oh, we're not! :-) We all need more 'Stupid Management Tricks Stories' to
> I have recently gotten Snort 1.8.3 running with mysql and ACID 0.9.6b19 on a
> couple of RedHat 7.2 boxen (I know, Marty - I'm working on learning *BSD
> well enough to correct the error of my ways). Everything is working great,
> and I love it. Today, the bosses come to me and ask if we can make Snort
> output to an Access database instead. Knowing where this is going, I try to
> fend it off by telling a little lie about what databases Snort supports
> (mysql and postgres only). So, they ask about dumping the mysql database
> info into an Access file or flat text so Access can read it in. Apparently,
> they want to store the data on our "more secure" Win2k server. Keep in mind
> that these are the same people who won't let me use open source software
> because someone might have compiled a trojan in to the source I'm
[...horrible things snipped...]
I'm going to pretend I didn't read the other paragraphs, and concentrate on
what you're asking...
1) Suckage: Do they have any idea of the amount of suckage that Access has?
I mean, C'mon! Try 2.5 million records in access with as much data as the
alerts are spitting out. Yeah, it's real quick with that 20 minute sort.
2) Updates: When the DB schema gets updated, are they going to be able to
quickly change Access? There's a script with each DB update to change the
supported DB types.
3) ODBC: If all else fails, they could use ODBC to 'move' the data from
MySQL to Access.
Now, if you'll excuse me, I think I've got some updates to the Drinking Game
to make... ;-)
More information about the Snort-users