[Snort-users] Barnyard - Database link down

beenph beenph at ...11827...
Mon Aug 6 01:10:51 EDT 2012

On Mon, Aug 6, 2012 at 12:43 AM, William Sandin <william at ...15738...> wrote:
> On 08/06/2012 10:15 AM, beenph wrote:
> ...
>> version 1.10 has some new code that retry a defined numbed or time
>> (10 and configurable) before stoping cleanly
>> The transactional code in 1.10 is more robust and if a transaction
>> fail and your dbms strictly respect the transaction
>> nothing will corrupt the schema.
>> This being said when you use unified2 nothing is lost until you erase
>> the unified2 file, thus its allways possible
>> to replay events if something would happen ie: database crash or corruption.
> In that case, monitoring By2 and the RDBMS processes with software such
> as MMonit, would increase reliability and minimize risk of data loss in
> the db.

Data lost would occur if the database get corrupted or if someone
delete the unified2 file.
Barnyard2 should only be considered as a transpher agent.

> I really like DJ.B's daemontools for it's robustness but it's not as
> easy do deploy and don't have very few monitoring options except the PID.
Daemontools is awsome for snort and barnyard, but i wouldn't recommend
using it for databases,
unless you really know what your doing.

> Is there any roadmap or planned release date for 1.10? I'm eager to know
> more about new features and improvements in the next release :-)
Well we still need more people to test 2-1.10 its in pre-stable phase
and has improvement to the database code
for the old schema. 2-1.10 is only a minor version and does contain a
few bug fix and a few feature like
remote syslog (tcp and udp logging) and a more robust database code.

You can get the pre-stable branch in firnsy depo :

Or mine:


Currently i have a small  fix that correct postgresql compilation that
his not pushed but it should be upstreamed soon enough.

> You and firnsy are doing a great job.
Thanks, and the more feedback we have the better it can get.

> I'm not sure if there is any specific By2 list I better subscribe to?

We have two groups and we encourage users and potential users  of
barnyard2 to come and interract:

barnyard2-users :
barnyard2-devel :


More information about the Snort-users mailing list