[Snort-users] Upgrading from Snort v2.3.2 to 220.127.116.11
ian at ...12163...
Tue Dec 9 21:59:12 EST 2008
> Ian, I suggest that you output to unified. Then use a third party tool,
> like Barnyard or SnortUnified.pm to parse the Unified file and insert
> into the db. Inserting into the DB directly from Snort is bad.
Can you tell me why it is "bad"? That is the way our system was set up a
few years ago. There haven't been any problems that I'm aware of.
If it would be better to do as you suggest, I'll need to do that on a
test system first.
That might take quite some time.
Snort v2.3.2 on various *nix; ACID v0.9.6b23