[Snort-users] snort and mysql5 losing db connection
jasonb at ...1935...
Thu Jun 14 11:36:04 EDT 2007
Bamm Visscher wrote:
> Is this for unified alert, log, or both?
> On 6/14/07, Jason Brvenik <jasonb at ...1935...> wrote:
>> Interesting that this topic comes up.
>> I wrote a perl module for handling unified files for just these reasons
>> (and many more) it currently lives at:
>> It fully handles unified files and is portable across platforms and
>> handles big/little endian issues and 64bit unified files too.
>> It would not take much work to make the db code a direct replacement for
>> So... some questions for the community.
>> - What is the interest in having a direct barnyard replacement?
>> - Anyone interested in taking a stab at it?
>> - What other capabilities are desired (I know you want ppp support, Richard)
>> - Anyone want to take up documenting it?
>> Jeff Dell wrote:
>>> I couldn't agree with you more, but I think this is partially to do with
>>> barnyard and not the users. Here are a few reasons why I think this is
>>> o. Barnyard hasn't been updated in 3 years. It could be thought that
>>> something this old is no longer supported. (I know it is stable and
>>> working.. so no need to upgrade)
>>> o. Barnyard isn't available on snort.org as a binary package which makes it
>>> harder for some people to install.
>>> o. Not supported on all OS's. one being Windows.
>>> o. The barnyard email list gets more spam then real email.
>>> o. Lack of documentation how to install snort with barnyard. Even in the
>>> online manual at snort.org doesn't talk about how to do this.
>>> I would bet that most people don't use barnyard even though Snort should not
>>> be used without it.
>>> -----Original Message-----
>>> From: snort-users-bounces at lists.sourceforge.net
>>> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of Richard
>>> Sent: Thursday, June 14, 2007 9:41 AM
>>> To: j.greg.k at ...11827...; snort-users at lists.sourceforge.net
>>> Subject: Re: [Snort-users] snort and mysql5 losing db connection
>>> Greg King wrote:
>>>> Another thread back in 2005 mentioned to use barnyard and not the sql
>>>> connector. That is not an option for base and probably would fail with
>>>> users as well.
>>> Why is Barnyard not an option for BASE users? Using Barnyard is your
>>> best option. Direct logging from Snort to MySQL has been a bad idea
>>> for about six years now, but like SQL Slammer it seems to always be
>>> with us...
More information about the Snort-users