[Snort-users] Snort w/ Mysql's 'Insert Delayed' and Barnyard

Tom Sevy tsevy at ...1701...
Tue Jul 9 12:25:02 EDT 2002


I have a snort sensor server sniffing multiple lan segments.  Looks like
barnyard might be a little bit of trouble to install for this scenario
(muliple barnyard config files for multiple sensors?).

Does anyone know if just modifiying spp_database.c and changing the 'INSERT
INTO' sql commands to 'INSERT DELAYED INTO' is a bad idea?

MySql is running on a different server than snort, and I have found that
just since I added this change mysql reports 993 delayed inserts (echo "show
status" | mysql -h dbserver snort | grep -i delayed ) in less than 1.5
hours.




More information about the Snort-users mailing list