[Snort-users] v2.8.4 incorrect logging to MySQL

Leon Ward seclists at ...14165...
Tue Apr 14 13:18:16 EDT 2009


Keep -A fast (or console) for testing purposes while creating rules and you
have vote #3.

-L


On Tue, Apr 14, 2009 at 5:08 PM, JJ Cummings <cummingsj at ...11827...> wrote:

> /me raises hand.. "I"
>
>
> On Tue, Apr 14, 2009 at 9:56 AM, Joel Esler <jesler at ...1935...> wrote:
>
>> Seconded.
>>
>>
>> On Tue, Apr 14, 2009 at 11:38 AM, Jason Brvenik <jasonb at ...1935...> wrote:
>>
>>> Here is my vote to remove all output methods from the engine except
>>> unified, to remove the code complexity. People are much better off
>>> having two dedicated processes achieving a common goal than they are
>>> with the code complexity and issues in the one code base.
>>>
>>> On Tue, Apr 14, 2009 at 8:31 AM, James Lay <jlay at ...13475...>
>>> wrote:
>>> >
>>> >
>>> >
>>> > ________________________________
>>> > From: Ron Jenkins <rjenkins at ...14345...>
>>> > Date: Mon, 13 Apr 2009 09:21:09 -0500
>>> > To: 'Joel Esler' <jesler at ...1935...>
>>> > Cc: James Lay <jlay at ...13475...>, Snort
>>> > <snort-users at lists.sourceforge.net>
>>> > Subject: RE: [Snort-users] v2.8.4 incorrect logging to MySQL
>>> >
>>> > We are backing down from v2.8.4 until the new version can successfully
>>> > write to the sensor and signature tables correctly.
>>> >
>>> > Until Sourcefire truly removes writing to the MySQL database and forces
>>> > unified logging we see no reason to change at this time.  Yes, the new
>>> > rule changes are much wanted, but after reading on the mass issues on the
>>> > snort forums with the new version we are holding off on the update.
>>> >
>>> > Thanks
>>> >
>>> >
>>> >
>>> >
>>> > I have to chime in and second this.  Though Unified might be best, for
>>> > smaller shops, my perception is that barnyard is an added layer of
>>> > complexity.  I run snort at the house on OS X...pretty much to catch the
>>> > obvious dumb crap coming in from the outside world and to catch if the
>>> > kids' machines get something naughty.  Again, larger shops where IDS is
>>> > mission critical should take the extra step, but small ones..eh...I’ve
>>> > found that logging direct to mysql works well enough.  My 0.02 I guess.
>>> >
>>> > James
>>> >
>>> >
>>> ------------------------------------------------------------------------------
>>> > This SF.net email is sponsored by:
>>> > High Quality Requirements in a Collaborative Environment.
>>> > Download a free trial of Rational Requirements Composer Now!
>>> > http://p.sf.net/sfu/www-ibm-com
>>> > _______________________________________________
>>> > Snort-users mailing list
>>> > Snort-users at lists.sourceforge.net
>>> > Go to this URL to change user options or unsubscribe:
>>> > https://lists.sourceforge.net/lists/listinfo/snort-users
>>> > Snort-users list archive:
>>> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> >
>>>
>>>
>>>
>>
>>
>>
>> --
>> joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974
>>
>>
>>
>
>
>
>