[Snort-users] Barnyard - Database link down

beenph beenph at ...11827...
Mon Aug 6 01:10:51 EDT 2012


On Mon, Aug 6, 2012 at 12:43 AM, William Sandin <william at ...15738...> wrote:
> On 08/06/2012 10:15 AM, beenph wrote:
> ...
>> version 1.10 has some new code that retry a defined numbed or time
>> (10 and configurable) before stoping cleanly
>> The transactional code in 1.10 is more robust and if a transaction
>> fail and your dbms strictly respect the transaction
>> nothing will corrupt the schema.
>>
>>
>> This being said when you use unified2 nothing is lost until you erase
>> the unified2 file, thus its allways possible
>> to replay events if something would happen ie: database crash or corruption.
>>
>
> In that case, monitoring By2 and the RDBMS processes with software such
> as MMonit, would increase reliability and minimize risk of data loss in
> the db.

Data lost would occur if the database get corrupted or if someone
delete the unified2 file.
Barnyard2 should only be considered as a transpher agent.

>
> I really like DJ.B's daemontools for it's robustness but it's not as
> easy do deploy and don't have very few monitoring options except the PID.
>
Daemontools is awsome for snort and barnyard, but i wouldn't recommend
using it for databases,
unless you really know what your doing.

> Is there any roadmap or planned release date for 1.10? I'm eager to know
> more about new features and improvements in the next release :-)
>
Well we still need more people to test 2-1.10 its in pre-stable phase
and has improvement to the database code
for the old schema. 2-1.10 is only a minor version and does contain a
few bug fix and a few feature like
remote syslog (tcp and udp logging) and a more robust database code.

You can get the pre-stable branch in firnsy depo :
https://github.com/firnsy/barnyard2/tree/pre-stable

Or mine:

https://github.com/binf/barnyard2/tree/pre-stable

Currently i have a small  fix that correct postgresql compilation that
his not pushed but it should be upstreamed soon enough.



> You and firnsy are doing a great job.
>
Thanks, and the more feedback we have the better it can get.

> I'm not sure if there is any specific By2 list I better subscribe to?
>

We have two groups and we encourage users and potential users  of
barnyard2 to come and interract:

barnyard2-users :
https://groups.google.com/forum/?fromgroups#!forum/barnyard2-users
and
barnyard2-devel :
https://groups.google.com/forum/?fromgroups#!forum/barnyard2-devel


Cheers,
-elz




More information about the Snort-users mailing list