[Snort-users] reboot the DB

Bryan Irvine bryan.irvine at ...9066...
Mon Jul 7 14:00:10 EDT 2003


So I should redo the setup and have Snort log to this Barnyard something
or other instead of Postgres, and Barnyard will take care of logging to
Postgres so ACID can still see the alerts?  I got the order right?

--Bryan


On Mon, 2003-07-07 at 13:38, Erek Adams wrote:
> On Mon, 7 Jul 2003, Bryan Irvine wrote:
> 
> > Out of curiosity, what would happen if I rebooted the database server?
> > Would Snort just queue up the logs and dump them when it comes back
> > online?  I don't need to do this, it's more just philosophical in case I
> > ever need to.
> 
> No.  Snort would block and then all the alerts would go into the bit
> bucket.
> 
> What you really want is Barnyard.  It was built to handle things just like
> that.  If the connectivity to the DB drops, the alerts spool and are sent
> once the connections are restored.
> 
> Cheers!
> 
> -----
> Erek Adams
> 
>    "When things get weird, the weird turn pro."   H.S. Thompson
> 
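
Added example (not part of the original thread, and not Barnyard's code): a simplified Python model of the spool-and-forward behaviour described in the quoted reply, where the sensor only writes to a local file and a separate forwarder delivers to the database when it is reachable. The record format, the file paths, the `DatabaseDown` exception and the `insert` callback are assumptions for illustration; they are not Snort's output format or Barnyard's interface.

```python
import struct

class DatabaseDown(Exception):
    """Raised by the insert callback when the database is unreachable."""

def spool_alert(spool_path, message):
    # Sensor side: append a length-prefixed record to a local file.
    # The sensor never talks to the database, so it cannot block on it.
    data = message.encode("utf-8")
    with open(spool_path, "ab") as f:
        f.write(struct.pack("!I", len(data)) + data)

def read_bookmark(bookmark_path):
    # Byte offset of the first record not yet delivered (0 if none saved).
    try:
        with open(bookmark_path) as f:
            return int(f.read().strip() or 0)
    except FileNotFoundError:
        return 0

def forward(spool_path, bookmark_path, insert):
    # Forwarder side: deliver records after the bookmark, in order.
    # Stops at the first failure and leaves the rest spooled for the next run.
    offset, sent = read_bookmark(bookmark_path), 0
    with open(spool_path, "rb") as f:
        f.seek(offset)
        while True:
            header = f.read(4)
            if len(header) < 4:
                break                      # end of spool
            (length,) = struct.unpack("!I", header)
            body = f.read(length)
            if len(body) < length:
                break                      # record still being written
            try:
                insert(body.decode("utf-8"))
            except DatabaseDown:
                break                      # keep bookmark; retry later
            offset = f.tell()
            with open(bookmark_path, "w") as b:
                b.write(str(offset))       # advance only after a successful insert
            sent += 1
    return sent
```

Because the bookmark is advanced only after a successful insert, a forwarder crash between the two steps re-sends that one record on restart, so the database side should tolerate a duplicate.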