snort-users April 2009 archive

Re: [Snort-users] v2.8.4 incorrect logging to MySQL

From: Jason Brvenik <jasonb_at_nospam>
Date: Tue Apr 14 2009 - 15:38:34 GMT
To: James Lay <jlay@slave-tothe-box.net>


Here is my vote to remove all output methods from the engine except unified, to remove the code complexity. People are much better off having two dedicated processes achieving a common goal than they are with the code complexity and issues in the one code base.

On Tue, Apr 14, 2009 at 8:31 AM, James Lay <jlay@slave-tothe-box.net> wrote:
>
>
>
> ________________________________
> From: Ron Jenkins <rjenkins@rmjcs.net>
> Date: Mon, 13 Apr 2009 09:21:09 -0500
> To: 'Joel Esler' <jesler@sourcefire.com>
> Cc: James Lay <jlay@slave-tothe-box.net>, Snort
> <snort-users@lists.sourceforge.net>
> Subject: RE: [Snort-users] v2.8.4 incorrect logging to MySQL
>
> We are backing down from v2.8.4 until the new version can successfully write
> to the sensor and signature tables correctly.
>
> Until Sourcefire truly removes writing to the MySQL database and forces
> unified logging we see no reason to change at this time.  Yes the new rule
> changes are much wanted, but after reading on the mass issues on the snort
> forums with the new version we are holding off on the update.
>
> Thanks
>
>
>
>
> I have to chime in and second this.  Though Unified might be best, for
> smaller shops, my perception is that barnyard is an added layer of
> complexity.  I run snort at the house on OS X...pretty much to catch the
> obvious dumb crap coming in from the outside world and to catch if the kids'
> machines get something naughty.  Again, larger shops where IDS is mission
> critical should take the extra step, but small ones..eh...I’ve found that
> logging direct to mysql works well enough.  My 0.02 I guess.
>
> James
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> High Quality Requirements in a Collaborative Environment.
> Download a free trial of Rational Requirements Composer Now!
> http://p.sf.net/sfu/www-ibm-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


