[Snort-users] Snort logs to MySQL

Abdullah AL-Mutairy abohabeeb1412 at ...11827...
Sun Jan 29 12:15:23 EST 2017


Thanks guys!

But what if I want to use an older version of snort (ex: snort 2.3) that supports logging directly to MySQL DB .. just for testing purposes, not for production.
Is there much difference between 2.9 and 2.3? Or just a few bug fixes?

I tried to use barnyard but I couldn't make it work as it needs some compiler. I tried to compile it but couldn't make it work either! (Bad luck I guess -_-)

Why do you need a third party tool just to copy the logs? Wouldn't it be better if there were some process or optional service inside snort that copies or exports logs?

I just want to perform some experiments with snort as a signature-based IDS.

Sorry for so many questions!
I really appreciate your help :)

. . . . . 

> On Jan 28, 2017, at 10:55 PM, Joel Esler (jesler) <jesler at ...589...> wrote:
> 
> Waldo is 100% correct.  
> 
> --
> Sent from my iPhone
> 
>>> On Jan 28, 2017, at 1:52 PM, "wkitty42 at ...14940..." <wkitty42 at ...14992.....> wrote:
>>> 
>>> On 01/27/2017 12:57 PM, Abdullah AL-Mutairy wrote:
>>> 
>>> Hello everyone!
>>> 
>>> I'm wondering why snort developers stopped supporting logging to SQL database
>>> directly? I know I can use barnyard2 to log into SQL DB .. but isn't it better
>>> if snort just logs to SQL directly?
>> 
>> no... if the database is not available or there is a problem, snort would hang 
>> waiting on the connection to clear and return... that hang leads to traffic being 
>> missed... it is best if snort just writes to its logs and lets something else 
>> worry about pharting about with some database mess ;)
>> 
>> 
>> -- 
>> NOTE: No off-list assistance is given without prior approval.
>>       *Please keep mailing list traffic on the list* unless
>>       private contact is specifically requested and granted.
>> 
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
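The decoupling described in the quoted reply, sketched as an added example (not code from this thread, Snort, or barnyard2): a separate exporter reads the sensor's alert file and keeps a bookmark, so a database outage delays the export instead of stalling the sensor. Assumptions: text alerts in Snort's `alert_fast` layout, SQLite standing in for MySQL, and the hypothetical names `spool_once`, `read_bookmark` and the bookmark file.

```python
import os
import re
import sqlite3

# alert_fast line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def read_bookmark(path):
    """Return the byte offset already exported (0 if no bookmark exists yet)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip() or 0)
    except FileNotFoundError:
        return 0

def spool_once(alert_path, bookmark_path, connect):
    """Export new, complete alert lines; return the number of rows stored.

    `connect` is a callable returning a DB-API connection (SQLite here, an
    assumption standing in for MySQL). The sensor's file is only ever read.
    If the database is down, the bookmark stays put and the lines are retried.
    """
    offset = read_bookmark(bookmark_path)
    rows = []
    with open(alert_path, "rb") as fh:
        fh.seek(offset)
        for raw in fh:
            if not raw.endswith(b"\n"):   # sensor is mid-write; pick it up next run
                break
            offset += len(raw)
            m = ALERT_RE.match(raw.decode("utf-8", "replace"))
            if m:
                rows.append(m.group("ts", "gid", "sid", "rev", "msg", "proto", "src", "dst"))
    try:
        conn = connect()
        with conn:                        # one transaction: all rows or none
            conn.execute("CREATE TABLE IF NOT EXISTS alert (ts, gid, sid, rev, msg, proto, src, dst)")
            conn.executemany("INSERT INTO alert VALUES (?,?,?,?,?,?,?,?)", rows)
        conn.close()
    except (sqlite3.Error, OSError):
        return 0                          # database unavailable: bookmark unchanged
    tmp = bookmark_path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(str(offset))
    os.replace(tmp, bookmark_path)        # advance the bookmark atomically, after commit
    return len(rows)
```

Because the bookmark moves only after the commit, a crash between the two steps re-exports lines rather than dropping them.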