[Snort-users] Snort logs to MySQL

wkitty42 at ...14940... wkitty42 at ...14940...
Sat Jan 28 13:51:13 EST 2017

On 01/27/2017 12:57 PM, Abdullah AL-Mutairy wrote:
> Hello everyone!
> I'm wondering why snort developers stopped supporting logging to SQL database
> directly? I know i can use barnyard2 to log into SQL DB .. but isn't it better
> if snort just logs to SQL directly?

no... if the database is not available or there is a problem, snort would hang 
waiting on the connection to clear and return... that hang lead to traffic being 
missed... it is best if snort just write to its logs and let something else 
worry about pharting about with some database mess ;)

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

More information about the Snort-users mailing list