[Snort-users] Snort Users Yahoo Group

Roy S. Rapoport snort-users at ...9230...
Sat Jun 21 09:24:14 EDT 2003

On Fri, Jun 20, 2003 at 08:52:50PM -0700, Jeff Nathan wrote:
> the list is slow.  Primary reasons?  The components most users want to get 
> running are poorly documented and instead asking the authors of these 
> systems for more complete documentation, sending a message to the support 
> list for said component (Snortcenter, etc) or searching the mailing list 
> archives of this list, people post directly to snort-users.  Sourceforge is 
> also a bit slow but for a free service it's rather remarkable.
> In any case, the bulk of the traffic on this list is newbie traffic asking 
> how to get ACID and/or snortcenter running.  There are only a few 
> reasonable solutions to the problem.  Ask the developers of these 

Jeff is right about all these points.  

My perception is that traffic about in-depth management of Snort
comprises of only about ~5-10% of overall traffic.  I don't think it's
fair to say everything else is "How do I get ACID/SnortCenter working?"
-- I think a fair amount of it is "How do I get Snort logging to MySQL?"
-- but the problem is still that really, snort-users should be a rather
low-volume list, and we need snort-newusers (or snort-setup) and then -- 
*MAYBE* -- snort-3rdparty-setup (though for God's sake, with a better 
name than that).  

However, if we do go ahead and do this, I'd argue there's a need to have
all three lists reside in the same place and advertised through
snort.org.  I think the vast majority of people who land on this mailing
list find it because they've downloaded snort from Snort.org and seen
Snort's link to this mailing list.  It's foolish to wait until someone
posts to say "hey, you should go to this other mailing list."

As for the 3rd-party tools, I have to admit I didn't even notice ACID
had its own user mailing list hosted on sourceforge.  Of course, of the
13 messages posted in June, it appears approximately 11 are spam, so
it's obviously not being vigorously managed.  I do think we should start
responding to ACID questions with "That's not appropriate for this
mailing list," though I'm not sure we have enough cantankerous assholes
to maintain that as a consistent tone.  I do very strongly support the
idea of a mailing list for each widely-adopted tool.  I'm not sure
what's going to happen in the case of SnortCenter.  I'm guessing Lars
doesn't have a whole bunch of energy/desire to deal with the support
side of it (and in the case of SC, I think there's a danger anyway
because it is so dependent on the efforts of one person).  


More information about the Snort-users mailing list