[Snort-users] v2.8.4 incorrect logging to MySQL

James Lay jlay at ...13475...
Tue Apr 14 08:31:52 EDT 2009





From: Ron Jenkins <rjenkins at ...14345...>
Date: Mon, 13 Apr 2009 09:21:09 -0500
To: 'Joel Esler' <jesler at ...1935...>
Cc: James Lay <jlay at ...13475...>, Snort
<snort-users at lists.sourceforge.net>
Subject: RE: [Snort-users] v2.8.4 incorrect logging to MySQL

We are backing down from v2.8.4 until the new version can successfully write
to the sensor and signature tables correctly.
 
Until Soucrefire truly removes writing to the MySQL database and forces
unified logging we see no reason to change at this time.  Yes the new rule
changes are much wanted, but after reading on the mass issues on the snort
forums with the new version we are holding off on the update.
 
Thanks  
 



I have to chime in and second this.  Though Unified might be best, for
smaller shops, my perception is that barnyard is an added layer of
complexity.  I run snort at the house on OS X...pretty much to catch the
obvious dumb crap coming in from the outside world and to catch if the kids
machines get something naughty.  Again, larger shops where IDS is mission
critical should take the extra step, but small ones..eh...I¹ve found that
logging direct to mysql works well enough.  My 0.02 I guess.

James

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090414/802c5863/attachment.html>


More information about the Snort-users mailing list