[Snort-users] problem with using snort to log in MS SQL server on another machine

Joel Esler jesler at ...1935...
Tue Aug 14 11:19:04 EDT 2012


On Aug 13, 2012, at 10:21 PM, waldo kitty <wkitty42 at ...14940...> wrote:

> On 8/9/2012 08:20, Asieh Mokarian wrote:
>> Hi,
>> 
>> I want to compile an instance of snort on a linux based system, but I want to
>> compile it to log packets on a MS-SQL server on a remote machine which is
> 
> i suspect that you cannot do this any more... direct logging to databases has 
> been (or will be) removed…

has been.  Removed in 2.9.3.0

> the apparent way to do this now is to feed snort's 
> output to barnyard2... AFAICT, the biggest and main achievement of this change 
> is to enable snort to operate more on the goal of sniffing the traffic while not 
> losing any (or as much) and snort not having to deal with talking to some 
> database server that may or may not be online or fast enough to accept 
> everything that snort may be outputting…

It is also to remove code that we don't regression test against.  We don't test it, we don't update it, and we don't know if it's working.  Better to let people that primarily deal with that (barnyard2 guys).

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
