[Snort-users] Snort logs to MySQL

Sat Jan 28 13:51:13 EST 2017

On 01/27/2017 12:57 PM, Abdullah AL-Mutairy wrote:
> Hello everyone!
> I'm wondering why snort developers stopped supporting logging to SQL database
> directly? I know i can use barnyard2 to log into SQL DB .. but isn't it better
> if snort just logs to SQL directly?

no... if the database is not available or there is a problem, snort would hang 
waiting on the connection to clear and return... that hang lead to traffic being 
missed... it is best if snort just write to its logs and let something else 
worry about pharting about with some database mess ;)

