[Snort-users] Can you simply merge separate Snort SQL databases?

Jason Haar Jason.Haar at ...294...
Wed May 1 20:55:21 EDT 2002


On Wed, May 01, 2002 at 09:20:15AM -0700, David E. Wach wrote:
> One problem you'll have is that Snort dynamically adds entries into
> several tables as it sees events (reference, reference_system,
> sig_class, sig_reference, and signature).  If you pull data into a
> central database your events will reference bogus data.

Gah! That sounds nasty. I wonder, could you fake it? i.e. pull over the
unique data, and then regenerate all the reference table data? 

It seems to me that this sort of central DB is the one thing you can
slash-and-burn on demand - all the "live" DB servers should be left alone if
possible...

-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
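
The ID clash discussed in this thread, and the "regenerate the reference data" idea, as an added example that is not part of the original message or of Snort itself. It assumes a heavily simplified two-table stand-in for the Snort schema and treats `sig_name` alone as the signature's identity; the sensor names and signature names are constructed sample data.

```python
import sqlite3

# Simplified stand-in for the Snort schema (assumption): only the columns
# needed to show the per-database sig_id clash are kept.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT UNIQUE);
CREATE TABLE event (sensor TEXT, cid INTEGER, signature INTEGER,
                    PRIMARY KEY (sensor, cid));
"""

def make_db(signatures=(), events=()):
    """Build an in-memory database; sig_id is assigned in insertion order."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature (sig_name) VALUES (?)",
                   [(s,) for s in signatures])
    db.executemany("INSERT INTO event VALUES (?, ?, ?)", events)
    return db

def merge(central, sensor_db):
    """Copy events into central, translating local sig_id to central sig_id."""
    remap = {}
    for local_id, name in sensor_db.execute(
            "SELECT sig_id, sig_name FROM signature").fetchall():
        # Reuse the central row if the signature is already known there.
        central.execute(
            "INSERT OR IGNORE INTO signature (sig_name) VALUES (?)", (name,))
        remap[local_id] = central.execute(
            "SELECT sig_id FROM signature WHERE sig_name = ?",
            (name,)).fetchone()[0]
    rows = sensor_db.execute("SELECT sensor, cid, signature FROM event").fetchall()
    central.executemany("INSERT INTO event VALUES (?, ?, ?)",
                        [(s, c, remap[sig]) for s, c, sig in rows])
    central.commit()
    return remap

def event_names(db):
    """Resolve every event to its signature name through the join."""
    return db.execute("""SELECT e.sensor, e.cid, s.sig_name FROM event e
                         JOIN signature s ON s.sig_id = e.signature
                         ORDER BY e.sensor, e.cid""").fetchall()

def demo():
    # Constructed data: the sensors saw the signatures in a different order,
    # so sig_id 1 means something different in each database.
    a = make_db(["ICMP PING", "SCAN nmap"], [("a", 1, 1), ("a", 2, 2)])
    b = make_db(["SCAN nmap", "ICMP PING"], [("b", 1, 1)])
    central = make_db()
    merge(central, a)
    merge(central, b)
    return event_names(central)
```

Copying sensor b's event row unchanged would label it "ICMP PING" in the central database; with the remap it still resolves to "SCAN nmap".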



