[Snort-users] Snort's architecture
wkitty42 at ...14940...
Fri Sep 7 20:44:21 EDT 2012
On 9/7/2012 12:32, Victor Roemer wrote:
> Just to clear it up. Database output was deprecated in 2.9.2 and removed in 2.9.3.
thanks for that, victor... i knew it was sometime in the 2.9 era but i just
couldn't remember it and didn't feel like hunting thru my archives to determine
exactly when it was or what version it was... my guess of 2.9.0.* was "slightly"
> ~ Victor
> On Fri, Sep 7, 2012 at 11:29 AM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 9/6/2012 21:29, dandantheitman wrote:
> > You could always argue that snort can also output to a database, as well as a
> > file or an alert,
> yeah, no... snort doesn't do database output any more... i forget which was the
> last version to support it but i suspect it was in the 2.8.* range... possibly
> one or two of the 2.9.0.* ones but nothing newer... for database output, you
> /have/ to run another tool to read the output files that snort does emit and
> have that tool do the output to the database...