[Snort-users] snort and mysql5 losing db connection

Jason Brvenik jasonb at ...1935...
Thu Jun 14 11:20:43 EDT 2007


Interesting that this topic comes up.

I wrote a Perl module for handling unified files for just these reasons
(and many more). It currently lives at:

http://cerberus.sourcefire.com/~jbrvenik/unified_perl

It fully handles unified files and is portable across platforms and
handles big/little endian issues and 64-bit unified files too.

It would not take much work to make the db code a direct replacement for
barnyard.

http://cerberus.sourcefire.com/~jbrvenik/unified_perl/ufdbtest.pl

So... some questions for the community.

- What is the interest in having a direct barnyard replacement?
- Anyone interested in taking a stab at it?
- What other capabilities are desired? (I know you want ppp support, Richard)
- Anyone want to take up documenting it?





Jeff Dell wrote:
> Richard,
> 
> I couldn't agree with you more, but I think this is partially to do with
> barnyard and not the users. Here are a few reasons why I think this is
> happening...
> 
> o. Barnyard hasn't been updated in 3 years. It could be thought that
> something this old is no longer supported. (I know it is stable and
> working.. so no need to upgrade)
> o. Barnyard isn't available on snort.org as a binary package which makes it
> harder for some people to install.
> o. Not supported on all OSes, one being Windows.
> o. The barnyard email list gets more spam than real email.
> o. Lack of documentation on how to install snort with barnyard. Even the
> online manual at snort.org doesn't talk about how to do this.
> 
> I would bet that most people don't use barnyard even though Snort should not
> be used without it.
> 
> Cheers,
> Jeff
> 
> -----Original Message-----
> From: snort-users-bounces at lists.sourceforge.net
> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of Richard
> Bejtlich
> Sent: Thursday, June 14, 2007 9:41 AM
> To: j.greg.k at ...11827...; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] snort and mysql5 losing db connection
> 
> Greg King wrote:
> 
>> Another thread back in 2005 mentioned to use barnyard and not the sql
>> connector. That is not an option for base and probably would fail with
>> aanval users as well.
> 
> Why is Barnyard not an option for BASE users?  Using Barnyard is your
> best option.  Direct logging from Snort to MySQL has been a bad idea
> for about six years now, but like SQL Slammer it seems to always be
> with us...
> 
> Sincerely,
> 
> Richard
> 