[Snort-users] Is there not a database schema in Snort Source for Snort?
wkitty42 at ...14940...
Sun Sep 14 13:10:41 EDT 2014
On 9/14/2014 12:02 AM, Jutichai Thongkrachai wrote:
> I'm just curious
> I am trying to set up Snort with Barnyard2 and Snorby as in these links:
that tutorial is 4 years old...
> I got as far as the step that adds the schema to the snort database, but there is not a
> file that contains a bunch of SQL commands to create a schema in my Snort source
> directory ( /usr/local/src/snort-22.214.171.124)
i'm going to make an eWAG that the tutorial is operating on the assumption that
snort talks to databases... back then it may have done so but there were
numerous problems so the task of placing alerts into a database was removed and
delegated to other tools... the main thing that this did was to enable snort to
concentrate on snorting the network traffic instead of having to deal with
the solution is to use a tool like barnyard2 to read snort generated binary
unified2 files and have barnyard2 put those alerts into the database for other
tools like snorby to read and process...
in short, find another tutorial that uses barnyard2 with snort and snorby...
preferably one that is less than 2 years old... i say two years because it has
been at least that long since snort stopped talking to databases, IIRC...
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
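To make concrete what barnyard2 actually does with the "snort generated binary unified2 files" mentioned above, here is a minimal reader for that format, added as an example to this thread; it is not Snort or barnyard2 code. The record type codes (2 for a packet, 7 for the legacy IPv4 IDS event) and the field layout follow Snort's Unified2_common.h as I recall it and should be cross-checked against the header in your own snort source tree; the sample file and every address, signature id and timestamp in it are constructed here. The reader stops cleanly at a partially written trailing record, which is the situation barnyard2 must handle when it tails a live spool file.

```python
"""Minimal reader for Snort unified2 records (the binary files barnyard2 consumes).

Added example, not Snort or barnyard2 code. Type codes and field layout are
assumed from Snort's Unified2_common.h; verify against your snort source tree.
"""
import socket
import struct
from typing import Iterator, List, Tuple

# Record type codes (assumed from Unified2_common.h).
UNIFIED2_PACKET = 2       # raw packet that triggered an event
UNIFIED2_IDS_EVENT = 7    # legacy IPv4 IDS event, 52-byte body

_RECORD_HDR = struct.Struct("!II")                # type, length; network byte order
_IDS_EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")  # 52-byte event body
_PACKET_HDR = struct.Struct("!IIIIIII")           # 28 bytes, then raw packet bytes

_IDS_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)
_PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                  "packet_microsecond", "linktype", "packet_length")


def iter_records(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (type, body) for each complete record; stop at a partial trailing record.

    Snort appends to a unified2 file while it is live, so a reader has to tolerate
    a record whose header or body is not fully written yet and resume later.
    """
    offset = 0
    while offset + _RECORD_HDR.size <= len(data):
        rtype, length = _RECORD_HDR.unpack_from(data, offset)
        start = offset + _RECORD_HDR.size
        if start + length > len(data):
            break                       # incomplete record: wait for more bytes
        yield rtype, data[start:start + length]
        offset = start + length


def parse_ids_event(body: bytes) -> dict:
    """Decode a type-7 event body into the columns a DB writer would insert."""
    if len(body) != _IDS_EVENT.size:
        raise ValueError(f"IDS event body is {len(body)} bytes, expected {_IDS_EVENT.size}")
    ev = dict(zip(_IDS_EVENT_FIELDS, _IDS_EVENT.unpack(body)))
    ev["ip_source"] = socket.inet_ntoa(struct.pack("!I", ev["ip_source"]))
    ev["ip_destination"] = socket.inet_ntoa(struct.pack("!I", ev["ip_destination"]))
    return ev


def parse_packet(body: bytes) -> dict:
    """Decode a type-2 packet record; the header's packet_length must match the body."""
    hdr = dict(zip(_PACKET_FIELDS, _PACKET_HDR.unpack_from(body, 0)))
    pkt = body[_PACKET_HDR.size:]
    if len(pkt) != hdr["packet_length"]:
        raise ValueError("packet_length does not match record body")
    hdr["packet"] = pkt
    return hdr


def summarize(data: bytes) -> List[dict]:
    """Decode every complete record in a unified2 byte string."""
    out = []
    for rtype, body in iter_records(data):
        if rtype == UNIFIED2_IDS_EVENT:
            out.append({"kind": "event", **parse_ids_event(body)})
        elif rtype == UNIFIED2_PACKET:
            out.append({"kind": "packet", **parse_packet(body)})
        else:
            out.append({"kind": "unknown", "type": rtype, "length": len(body)})
    return out


def build_sample() -> bytes:
    """Constructed sample: one IPv4 event, its packet, then a truncated record."""
    event = _IDS_EVENT.pack(
        1, 42, 1410667200, 500, 1000001, 1, 3, 29, 2,
        int.from_bytes(socket.inet_aton("10.0.0.5"), "big"),
        int.from_bytes(socket.inet_aton("192.168.1.10"), "big"),
        51234, 80, 6, 0, 0, 0)
    payload = b"GET / HTTP/1.1\r\n"
    packet = _PACKET_HDR.pack(1, 42, 1410667200, 1410667200, 500, 1, len(payload)) + payload
    truncated = _RECORD_HDR.pack(UNIFIED2_IDS_EVENT, _IDS_EVENT.size) + b"\x00" * 10
    return (_RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + _RECORD_HDR.pack(UNIFIED2_PACKET, len(packet)) + packet
            + truncated)


if __name__ == "__main__":
    for rec in summarize(build_sample()):
        print(rec)
```

Run it to see the event row (sensor, signature, addresses, ports, protocol) and its packet decoded, while the deliberately truncated third record is skipped rather than mis-parsed; pointing `summarize()` at the bytes of a real `snort.u2.*` file lets you confirm what your sensor is writing before you debug the barnyard2 side.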