[Snort-users] v2.8.4 incorrect logging to MySQL

Joel Esler jesler at ...1935...
Mon Apr 13 09:38:02 EDT 2009


Okay, however, obviously, you are going to get my 0.02 speech, logging to DB
directly should never be used in a production environment.  The code for it
was written, truly, as a college project, and has been sparely incrementally
updated over the years.  Unified is the best.
Joel

On Mon, Apr 13, 2009 at 9:30 AM, Ron Jenkins <rjenkins at ...14345...> wrote:

>  Thank you…
>
>
>
> We will not be able to update until this is corrected.
>
>
>
>
>  ------------------------------
>
> *From:* Joel Esler [mailto:jesler at ...1935...]
> *Sent:* Monday, April 13, 2009 8:34 AM
> *To:* Ron Jenkins
> *Cc:* James Lay; Snort
>
> *Subject:* Re: [Snort-users] v2.8.4 incorrect logging to MySQL
>
>
>
> I can't speak for the developers, as they probably aren't on this list,
> however, I'll make sure they know about it.
>
>
>
> J
>
> On Mon, Apr 13, 2009 at 9:18 AM, Ron Jenkins <rjenkins at ...14345...> wrote:
>
> Is this the only solution?  Is sourcefire going to correct this issue?
>
>
>
> Thanks
>
>
>  ------------------------------
>
> *From:* Joel Esler [mailto:jesler at ...1935...]
> *Sent:* Monday, April 13, 2009 8:13 AM
> *To:* James Lay
> *Cc:* Snort
>
>
> *Subject:* Re: [Snort-users] v2.8.4 incorrect logging to MySQL
>
>
>
> The preferred method of logging with any version of Snort is unified.
>  Using Unified ensures the best performance of any output system available
> from Snort.
>
> Using a 3rd party tool such as barnyard or SnortUnified.pm to process the
> unified files and insert them into the DB relieves Snort from having to do
> DB inserts itself, which will have a performance drain on the system.
>
>
>
> This isn't a reason to not upgrade.  You must upgrade Snort to stay
> current with the proper detection.
>
>
>
> Joel
>
>
>
> On Mon, Apr 13, 2009 at 8:41 AM, James Lay <jlay at ...13475...>
> wrote:
>
> > From: Danny Paul <JDPAUL at ...14549...>
> > Date: Mon, 13 Apr 2009 07:22:04 -0500
> > To: Stephen Reese <rsreese at ...11827...>, Matt Watchinski
> > <mwatchinski at ...1935...>
> > Cc: Snort <snort-users at lists.sourceforge.net>
> > Subject: Re: [Snort-users] v2.8.4 incorrect logging to MySQL
>
> >
> > I verified as well that no inserts were being made into the signatures or
> > sensors table.
>
> I take it that folks needing this functionality should hold off on
> upgrading?  Would it do any good to test this on different platforms (I was
> holding off to upgrade on Mac OS X 10.5.6 to see how this issue panned
> out)?
>
> James
>
>
>
>
>
>
>
>
>
> --
> joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974
>



-- 
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974
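
The change recommended in this thread, shown as an added snort.conf fragment that is not part of the original messages: the direct `output database` line is commented out and the unified output plugins are enabled instead. The credentials, database name and spool filenames are constructed placeholders.

```conf
# snort.conf output section (constructed example; credentials and
# filenames below are placeholders, not values from this thread)

# Direct database logging, the setup discussed in this thread.
# With this enabled, Snort itself performs every DB insert.
# output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# Unified output: Snort only appends binary records to spool files.
# "limit" is the maximum spool file size in MB.
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
```

A separate reader such as barnyard or SnortUnified.pm then processes the spool files and performs the database inserts outside the Snort process.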