[Snort-users] v2.8.4 incorrect logging to MySQL

Joel Esler jesler at ...1935...
Mon Apr 13 09:12:31 EDT 2009


The preferred method of logging with any version of Snort is unified.  Using
Unified ensures the best performance of any output system available from
Snort.  Using a 3rd party tool such as barnyard or SnortUnified.pm to
process the unified files and insert them into the DB relieves Snort from
having to do DB inserts itself, which will have a performance drain on the
system.

This is isn't a reason to not upgrade.  You must upgrade Snort to stay
current with the proper detection.

Joel

On Mon, Apr 13, 2009 at 8:41 AM, James Lay <jlay at ...13475...> wrote:

> > From: Danny Paul <JDPAUL at ...14549...>
> > Date: Mon, 13 Apr 2009 07:22:04 -0500
> > To: Stephen Reese <rsreese at ...11827...>, Matt Watchinski
> > <mwatchinski at ...1935...>
> > Cc: Snort <snort-users at lists.sourceforge.net>
> > Subject: Re: [Snort-users] v2.8.4 incorrect logging to MySQL
> >
> > I verified as well that no inserts were being made into the signatures or
> > sensors table.
>
> I take it that folks needing this functionality should hold off on
> upgrading?  Would it do any good to test this on different platforms (I was
> holding off to upgrade on Mac OS X 10.5.6 to see how this issue panned
> out)?
>
> James
>
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> High Quality Requirements in a Collaborative Environment.
> Download a free trial of Rational Requirements Composer Now!
> http://p.sf.net/sfu/www-ibm-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090413/7802de03/attachment.html>


More information about the Snort-users mailing list