[Snort-users] Database output

Erwin Van de Velde erwin.vandevelde at ...10361...
Wed Dec 10 15:15:06 EST 2003


I'm using a postgresql database to store the output of my snort sensors, but 
what happens if the database is temporarily unavailable (for instance, 
connecting fails due to a heavy load on network / database)? Does snort keep 
the queries for sending when database connectivity is restored? Or are these 
queries dropped? 
In my opinion, storing these queries temporarily is the safest solution, as we 
must certainly log data when a severe attack on our network takes place... 
And then chances are bigger that we can't connect to the database 
And does snort open a database connection for every query it sends? Or is 
there some sort of persistent connection (for example one that times out 
after 1 minute of inactivity, closing the connection then)...
I'd like to use SSL connections to the database, using stunnel, but opening a 
connection for every query would have severe consequences for network and 

Thanks in advance,

Erwin Van de Velde
Student of Antwerp University

More information about the Snort-users mailing list