[Snort-users] Snort logs to MySQL

Joel Esler (jesler) jesler at ...589...
Sun Jan 29 12:29:13 EST 2017


There are massive differences (aside from the fact that the ruleset won't work in that version of Snort anymore)

2.3 is more than 10 years old!  I suggest output from Snort in unified2 and use Barnyard2 to insert into the database.

--
Sent from my iPhone
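The decoupling Joel recommends (Snort writes unified2, a separate process inserts into the database) is worth seeing in code. The example below is an added illustration, not code from this thread, from Snort or from Barnyard2: a minimal unified2 reader that drains a spool into a database while keeping a bookmark of the last committed record, which is the same job Barnyard2 does with its waldo file. Assumptions: the type-7 IDS event record layout (8-byte header, 52-byte body, network byte order) follows the Unified2 format as I know it; SQLite stands in for MySQL; the two alerts and their sids 1000001/1000002 are constructed sample data; `drain_spool` and the other names are mine. The `demo` function plays out the failure Waldo describes: the database is unavailable, the sensor's spool is untouched, and the consumer resumes from its bookmark once the database is back.

```python
import socket
import sqlite3
import struct

# Unified2 record header: type (u32) then length (u32), network byte order,
# followed by `length` bytes of record body.
HDR = struct.Struct("!II")
UNIFIED2_IDS_EVENT = 7
# Unified2IDSEvent body (type 7): eleven u32, two u16, four u8 = 52 bytes.
IDS_EVENT = struct.Struct("!11I2H4B")
IDS_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision", "classification_id",
    "priority_id", "ip_source", "ip_destination", "sport_itype", "dport_icode",
    "protocol", "impact_flag", "impact", "blocked",
)

def ip_to_int(ip):
    return struct.unpack("!I", socket.inet_aton(ip))[0]

def int_to_ip(n):
    return socket.inet_ntoa(struct.pack("!I", n))

def build_ids_event(**fields):
    """Pack one type-7 record; fields not given are zero (sample data only)."""
    body = IDS_EVENT.pack(*(fields.get(name, 0) for name in IDS_FIELDS))
    return HDR.pack(UNIFIED2_IDS_EVENT, len(body)) + body

def parse_unified2(data):
    """Yield (end_offset, event_or_None) for each complete record.

    Other record types yield None so the caller can step past them; a
    truncated final record ends the scan (the sensor is still writing it).
    """
    off = 0
    while off + HDR.size <= len(data):
        rtype, length = HDR.unpack_from(data, off)
        start, end = off + HDR.size, off + HDR.size + length
        if end > len(data):
            break
        if rtype == UNIFIED2_IDS_EVENT and length == IDS_EVENT.size:
            ev = dict(zip(IDS_FIELDS, IDS_EVENT.unpack_from(data, start)))
            ev["ip_source"] = int_to_ip(ev["ip_source"])
            ev["ip_destination"] = int_to_ip(ev["ip_destination"])
            yield end, ev
        else:
            yield end, None
        off = end

def open_db(path=":memory:"):
    """SQLite stands in for the MySQL backend; same idea, no server needed."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS event (%s, PRIMARY KEY (sensor_id, event_id))"
                 % ", ".join(IDS_FIELDS))
    return conn

def drain_spool(data, bookmark, conn):
    """Insert every event after `bookmark`; return the new bookmark.

    On a database error the bookmark stays at the last committed record, so
    the next run resumes there; the primary key makes a re-run idempotent.
    """
    base = bookmark
    for end, ev in parse_unified2(data[base:]):
        if ev is not None:
            try:
                conn.execute("INSERT OR IGNORE INTO event VALUES (%s)"
                             % ",".join("?" * len(IDS_FIELDS)),
                             tuple(ev[c] for c in IDS_FIELDS))
                conn.commit()
            except sqlite3.Error:
                return bookmark
        bookmark = base + end
    return bookmark

def event_count(conn):
    return conn.execute("SELECT COUNT(*) FROM event").fetchone()[0]

# Constructed spool: two alerts (local-range sids) around a stub non-event record.
SPOOL = (
    build_ids_event(sensor_id=1, event_id=1, event_second=1485710000,
                    signature_id=1000001, generator_id=1, signature_revision=1,
                    priority_id=2, ip_source=ip_to_int("10.0.0.5"),
                    ip_destination=ip_to_int("192.0.2.10"),
                    sport_itype=51515, dport_icode=80, protocol=6)
    + HDR.pack(2, 4) + b"\x00" * 4      # stand-in for a packet record; skipped
    + build_ids_event(sensor_id=1, event_id=2, event_second=1485710001,
                      signature_id=1000002, generator_id=1, signature_revision=1,
                      priority_id=3, ip_source=ip_to_int("192.0.2.10"),
                      ip_destination=ip_to_int("10.0.0.5"),
                      sport_itype=80, dport_icode=51515, protocol=6)
)

def demo():
    """Outage, then recovery: the spool is complete regardless of the DB's state."""
    down = open_db()
    down.close()                           # simulate the database going away
    stalled = drain_spool(SPOOL, 0, down)  # 0: nothing committed, nothing lost
    up = open_db()
    done = drain_spool(SPOOL, stalled, up) # resumes from the bookmark
    return stalled, done, event_count(up)
```

The point of the bookmark is that the sensor never waits on the database: Snort appends records and moves on, and a database outage only delays the consumer, which picks up where it left off. A direct Snort-to-MySQL output plugin has no such buffer, which is why a slow or absent database stalls packet processing.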

On Jan 29, 2017, at 12:15 PM, Abdullah AL-Mutairy <abohabeeb1412 at ...14542...> wrote:

Thanks guys!

But what if I want to use an older version of Snort (e.g. Snort 2.3) that supports logging directly to a MySQL DB, just for testing purposes, not for production?
Are there many differences between 2.9 and 2.3? Or just a few bug fixes?

I tried to use Barnyard but I couldn't make it work, as it needs some compiler; I tried to compile it but couldn't make it work either! (Bad luck I guess -_-)

Why do you need a third-party tool just to copy the logs? Wouldn't it be better if there were some process or optional service inside Snort that copies or exports logs?

I just want to perform some experiments with Snort as a signature-based IDS.

Sorry for the too many questions!
I really appreciate your help :)

. . . . .

On Jan 28, 2017, at 10:55 PM, Joel Esler (jesler) <jesler at ...589...> wrote:

Waldo is 100% correct.

--
Sent from my iPhone

On Jan 28, 2017, at 1:52 PM, "wkitty42 at ...14940..." <wkitty42 at ...14940...> wrote:

On 01/27/2017 12:57 PM, Abdullah AL-Mutairy wrote:

Hello everyone!

I'm wondering why Snort developers stopped supporting logging to an SQL database
directly? I know I can use barnyard2 to log into an SQL DB, but isn't it better
if Snort just logs to SQL directly?

no... if the database is not available or there is a problem, snort would hang
waiting on the connection to clear and return... that hang leads to traffic being
missed... it is best if snort just writes to its logs and lets something else
worry about pharting about with some database mess ;)


--
NOTE: No off-list assistance is given without prior approval.
      *Please keep mailing list traffic on the list* unless
      private contact is specifically requested and granted.

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
