[Snort-users] Snort logs to MySQL

Al Lewis (allewi) allewi at ...589...
Fri Jan 27 13:25:51 EST 2017

The direct logging from snort probably was done for performance reasons and to keep snort more lean.

Depending on how you set up logging you may need something to help you read them ( i.e u2spewfoo ) The section on logging is here:


Albert Lewis
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...<mailto:allewi at ...589...>

From: Abdullah AL-Mutairy <abohabeeb1412 at ...11827...<mailto:abohabeeb1412 at ...11827...>>
Date: Friday, January 27, 2017 at 12:57 PM
To: 'snort-users' <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>
Subject: [Snort-users] Snort logs to MySQL

Hello everyone!

I'm wondering why snort developers stopped supporting logging to SQL database directly? I know i can use barnyard2 to log into SQL DB .. but isn't it better if snort just logs to SQL directly?

Another thing .. i tried reading the logs in snort\log but it's not readable! Just random letters and symbols.

I'm new to snort as IDS .. and i appreciate your help ^_^

. . . . .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170127/d5d8bd74/attachment.html>

More information about the Snort-users mailing list