[Snort-users] Upgrading from Snort v2.3.2 to 2.8.3.1

Ian Masters ian at ...12163...
Tue Dec 9 21:59:12 EST 2008


Joel

> Ian, I suggest that you output to unified.  Then use a third party tool, 
> like Barnyard or SnortUnified.pm to parse the Unified file and insert 
> into the db.  Inserting into the DB directly from Snort, is bad.

Can you tell me why it is "bad"? That is the way our system was set up a
few years ago. There haven't been any problems that I'm aware of.

If it would be better to do as you suggest, I'll need to do that on a
test system first.

That might take quite some time.

-- 
Snort v2.3.2 on various *nix; ACID v0.9.6b23





More information about the Snort-users mailing list