Re: [Snort-users] snort and mysql5 losing db connection

Jason,

Is this for unified alert, log, or both?

Bammkkkk


On 6/14/07, Jason Brvenik <jasonb@sourcefire.com> wrote:
> Interesting that this topic comes up.
>
> I wrote a perl module for handling unified files for just these reasons
> (and many more) it currently lives at:
>
> http://cerberus.sourcefire.com/~jbrvenik/unified_perl
>
> It fully handles unified files and is portable across platforms and
> handles big/little endian issues and 64bit unified files too.
>
> It would not take much work to make the db code a direct replacement for
> barnyard.
>
> http://cerberus.sourcefire.com/~jbrvenik/unified_perl/ufdbtest.pl
>
> So... some questions for the community.
>
> - What is the interest in having a direct barnyard replacement?
> - Anyone interested in taking a stab at it?
> - What other capabilities are desired (I know you want ppp support, Richard)
> - Anyone want to take up documenting it?
>
>
>
>
>
> Jeff Dell wrote:
> > Richard,
> >
> > I couldn't agree with you more, but I think this is partially to do with
> > barnyard and not the users. Here are a few reasons why I think this is
> > happening...
> >
> > o. Barnyard hasn't been updated in 3 years. It could be thought that
> > something this old is no longer supported. (I know it is stable and
> > working.. so no need to upgrade)
> > o. Barnyard isn't available on snort.org as a binary package which makes it
> > harder for some people to install.
> > o. Not supported on all OS's. one being Windows.
> > o. The barnyard email list gets more spam then real email.
> > o. Lack of documentation how to install snort with barnyard. Even in the
> > online manual at snort.org doesn't talk about how to do this.
> >
> > I would bet that most people don't use barnyard even though Snort should not
> > be used without it.
> >
> > Cheers,
> > Jeff
> >
> > -----Original Message-----
> > From: snort-users-bounces@lists.sourceforge.net
> > [mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of Richard
> > Bejtlich
> > Sent: Thursday, June 14, 2007 9:41 AM
> > To: j.greg.k@gmail.com; snort-users@lists.sourceforge.net
> > Subject: Re: [Snort-users] snort and mysql5 losing db connection
> >
> > Greg King wrote:
> >
> > > Another thread back in 2005 mentioned to use barnyard and not the sql
> > > connector. That is not an option for base and probably would fail with
> > aanval
> > > users as well.
> >
> > Why is Barnyard not an option for BASE users?  Using Barnyard is your
> > best option.  Direct logging from Snort to MySQL has been a bad idea
> > for about six years now, but like SQL Slammer it seems to always be
> > with us...
> >
> > Sincerely,
> >
> > Richard
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users