[Snort-users] Snort and M$ Access?????

Erek Adams erek at ...577...
Fri Feb 8 11:35:03 EST 2002

On Fri, 8 Feb 2002, Graham, Randy (RAW)  wrote:

> Sorry, but I'm forced to ask this...

Oh, we're not!  :-)  We all need more 'Stupid Management Tricks Stories' to
laugh/cry over.

> I have recently gotten Snort 1.8.3 running with mysql and ACID 0.9.6b19 on a
> couple of RedHat 7.2 boxen (I know, Marty - I'm working on learning *BSD
> well enough to correct the error of my ways).  Everything is working great,
> and I love it.  Today, the bosses come to me and ask if we can make Snort
> output to an Access database instead.  Knowing where this is going, I try to
> fend it off by telling a little lie about what databases Snort supports
> (mysql and postgres only).  So, they ask about dumping the mysql database
> info into an Access file or flat text so Access can read it in.  Apparently,
> they want to store the data on our "more secure" Win2k server.  Keep in mind
> that these are the same people who won't let me use open source software
> because someone might have compiled a trojan into the source I'm
> downloading...

[...horrible things snipped...]

I'm going to pretend I didn't read the other paragraphs, and concentrate on
what you're asking...

1)  Suckage:  Do they have any idea of the amount of suckage that Access has?
I mean, C'mon!  Try 2.5 million records in Access with as much data as the
alerts are spitting out.  Yeah, it's real quick with that 20 minute sort.

2)  Updates:  When the DB schema gets updated, are they going to be able to
quickly change Access?  There's a script with each DB update to change the
supported DB types.

3)  ODBC:  If all else fails, they could use ODBC to 'move' the data from
MySQL to Access.

Now, if you'll excuse me, I think I've got some updates to the Drinking Game
to make...  ;-)

Erek Adams
