[Snort-users] snort and mysql5 losing db connection

Jason Brvenik jasonb at ...1935...
Thu Jun 14 11:36:04 EDT 2007


Both.

Bamm Visscher wrote:
> Jason,
>
> Is this for unified alert, log, or both?
>
> Bammkkkk
>
>
> On 6/14/07, Jason Brvenik <jasonb at ...1935...> wrote:
>   
>> Interesting that this topic comes up.
>>
>> I wrote a Perl module for handling unified files for just these reasons
>> (and many more). It currently lives at:
>>
>> http://cerberus.sourcefire.com/~jbrvenik/unified_perl
>>
>> It fully handles unified files and is portable across platforms and
>> handles big/little endian issues and 64bit unified files too.
>>
>> It would not take much work to make the db code a direct replacement for
>> barnyard.
>>
>> http://cerberus.sourcefire.com/~jbrvenik/unified_perl/ufdbtest.pl
>>
>> So... some questions for the community.
>>
>> - What is the interest in having a direct barnyard replacement?
>> - Anyone interested in taking a stab at it?
>> - What other capabilities are desired? (I know you want ppp support, Richard)
>> - Anyone want to take up documenting it?
>>
>> Jeff Dell wrote:
>>     
>>> Richard,
>>>
>>> I couldn't agree with you more, but I think this is partially to do with
>>> barnyard and not the users. Here are a few reasons why I think this is
>>> happening...
>>>
>>> o. Barnyard hasn't been updated in 3 years. It could be thought that
>>> something this old is no longer supported. (I know it is stable and
>>> working.. so no need to upgrade)
>>> o. Barnyard isn't available on snort.org as a binary package which makes it
>>> harder for some people to install.
>>> o. Not supported on all OSes, one being Windows.
>>> o. The barnyard email list gets more spam than real email.
>>> o. Lack of documentation on how to install snort with barnyard. Even the
>>> online manual at snort.org doesn't talk about how to do this.
>>>
>>> I would bet that most people don't use barnyard even though Snort should not
>>> be used without it.
>>>
>>> Cheers,
>>> Jeff
>>>
>>> -----Original Message-----
>>> From: snort-users-bounces at lists.sourceforge.net
>>> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of Richard
>>> Bejtlich
>>> Sent: Thursday, June 14, 2007 9:41 AM
>>> To: j.greg.k at ...11827...; snort-users at lists.sourceforge.net
>>> Subject: Re: [Snort-users] snort and mysql5 losing db connection
>>>
>>> Greg King wrote:
>>>
>>>> Another thread back in 2005 mentioned to use barnyard and not the sql
>>>> connector. That is not an option for base and probably would fail with
>>>> aanval users as well.
>>>
>>> Why is Barnyard not an option for BASE users?  Using Barnyard is your
>>> best option.  Direct logging from Snort to MySQL has been a bad idea
>>> for about six years now, but like SQL Slammer it seems to always be
>>> with us...
>>>
>>> Sincerely,