[Snort-users] Barnyard - Database link down

beenph beenph at ...11827...
Sun Aug 5 23:15:19 EDT 2012


On Sun, Aug 5, 2012 at 11:00 PM, Steven Vona <savone at ...11827...> wrote:
>
> I have a question about how barnyard will react if the link is down
> between the sensor and the database server.
>
> If there is no route to the database server will barnyard queue the
> messages for when the link is restored or just dump them into the bit
> bucket?

Barnayrd2 version 1.9 will depending on the database module used to
output either die
or forward and terminate a one point.

version 1.10 has some new code that retry a defined numbed or time
(10 and configurable) before stoping cleanly
The transactional code in 1.10 is more robust and if a transaction
fail and your dbms strictly respect the transaction
nothing will corrupt the schema.


This being said when you use unified2 nothing is lost until you erase
the unified2 file, thus its allways possible
to replay events if something would happen ie: database crash or corruption.


I hope this answer your question.

-elz


>
> I hope someone can help me with this question as I am trying to decide
> how to implement snort in two locations.
>
> Thanks
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!




More information about the Snort-users mailing list