[Snort-users] Snort and MySQL

Jeremy Hoel jthoel at ...11827...
Fri Sep 21 14:47:47 EDT 2012


The reason behind it, as best I can summarize, is that Snort is an
IDS/IPS and its job is to generate alerts as quickly as possible.  So
Snort outputs to unified and syslog and that's about it.  Then you use
other tools to take the unified files and send them somewhere.  This
allows Snort to work faster and focus on its one task vs. worrying
about DB connections, etc.



On Fri, Sep 21, 2012 at 4:43 PM, PR <oly562 at ...11827...> wrote:
> whose bright idea was that by the way? reasons??? due to daq? just
> curious. thanks, it helps me understand things more
>
> On Fri, 2012-09-21 at 08:12 -0400, Jack wrote:
>> Snort cannot output directly to MySQL anymore. It is required to use
>> Barnyard2 in order to use MySQL databases with Snort now.
>>
>> On Fri, Sep 21, 2012 at 7:20 AM, Joao Daniel Neves
>> <joaodanielnevesss at ...125...> wrote:
>> >
>> > Hi,
>> >
>> > I installed MySQL via RPM on CentOS 5.5.
>> >
>> > [root at ...780... ]# rpm -qa | grep mysql
>> > mysql-5.0.77-4.el5_6.6
>> >
>> > It is a x86 package. My OS is x86_64
>> >
>> > I have compiled Snort's dependencies for my system since there
>> > aren't official RPM packages. I ran ldconfig.
>> >
>> > Then I finally tried to install snort.
>> >
>> > ./configure --with-mysql
>> > (a lot of output cut)
>> > configure: WARNING: unrecognized options: --with-mysql
>> >
>> > My question: How to compile Snort to use MySQL?
>> >
>> >
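An added illustration of the split described in this thread (not code from any poster or from the Snort or Barnyard2 projects): Snort appends binary unified2 records to a spool file, and a separate reader, which is Barnyard2's role, decodes them and forwards them to a database. The sketch decodes only the legacy IPv4 event record (type 7) and stops cleanly at a record Snort has not finished writing; the function names and the sample bytes are constructed for this example.

```python
import ipaddress
import struct

HEADER = struct.Struct(">II")  # record type, payload length (big-endian)
# Legacy IPv4 event (type 7), 52 bytes: sensor_id, event_id, second, microsecond,
# sid, gid, rev, classification, priority, src, dst, sport, dport,
# protocol, impact_flag, impact, blocked
IDS_EVENT = struct.Struct(">9I4s4sHHBBBB")
UNIFIED2_IDS_EVENT = 7


def read_events(spool: bytes):
    """Return (events, consumed): decoded alerts and the offset to resume from."""
    events, offset = [], 0
    while offset + HEADER.size <= len(spool):
        rtype, length = HEADER.unpack_from(spool, offset)
        body_start = offset + HEADER.size
        if body_start + length > len(spool):
            break  # record still being written; retry from `offset` later
        if rtype == UNIFIED2_IDS_EVENT and length >= IDS_EVENT.size:
            f = IDS_EVENT.unpack_from(spool, body_start)
            events.append({
                "event_id": f[1], "timestamp": f[2],
                "gid": f[5], "sid": f[4], "rev": f[6], "priority": f[8],
                "src": str(ipaddress.IPv4Address(f[9])), "sport": f[11],
                "dst": str(ipaddress.IPv4Address(f[10])), "dport": f[12],
                "proto": f[13],
            })
        offset = body_start + length  # other record types are skipped
    return events, offset


def sample_spool() -> bytes:
    """Constructed sample: one event, one packet record (type 2), one cut-off record."""
    event = IDS_EVENT.pack(1, 42, 1348253267, 0, 1000001, 1, 3, 0, 2,
                           ipaddress.IPv4Address("192.0.2.10").packed,
                           ipaddress.IPv4Address("198.51.100.5").packed,
                           51514, 3306, 6, 0, 0, 0)
    packet = b"\x00" * 12  # placeholder payload, not a real packet record
    partial = HEADER.pack(UNIFIED2_IDS_EVENT, IDS_EVENT.size) + event[:20]
    return (HEADER.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + HEADER.pack(2, len(packet)) + packet + partial)


if __name__ == "__main__":
    alerts, resume_at = read_events(sample_spool())
    print(alerts, "resume at byte", resume_at)
```

Because the reader keeps its own resume offset, a slow or unreachable database delays only the reader, never the sensor.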



