[Snort-users] Snort's architecture

waldo kitty wkitty42 at ...14940...
Fri Sep 7 20:44:21 EDT 2012


On 9/7/2012 12:32, Victor Roemer wrote:
> Just to clear it up. Database output was deprecated in 2.9.2 and removed in 2.9.3.

thanks for that, victor... i knew it was sometime in the 2.9 era but i just 
couldn't remember it and didn't feel like hunting thru my archives to determine 
exactly when it was or what version it was... my guess of 2.9.0.* was "slightly" 
off :lol:

>
>
> ~ Victor
>
>
> On Fri, Sep 7, 2012 at 11:29 AM, waldo kitty <wkitty42 at ...14940...
> <mailto:wkitty42 at ...14940...>> wrote:
>
>     On 9/6/2012 21:29, dandantheitman wrote:
>      > You could always argue that snort can also output to a database, as well as a
>      > file or an alert,
>
>     yeah, no... snort doesn't do database output any more... i forget which was the
>     last version to support it but i suspect it was in the 2.8.* range... possibly
>     one or two of the 2.9.0.* ones but nothing newer... for database output, you
>     /have/ to run another tool to read the output files that snort does emit and
>     have that tool do the output to the database...





More information about the Snort-users mailing list