Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Diagnosing MySQL server has gone away messages

from [Nerijus Krukauskas] Network Security [Permanent Link]
Subject: Re: [Snort-users] Diagnosing MySQL server has gone away messages
Date: Wed, 22 Aug 2007 09:04:57 +0300 
On 21/08/07, Matthew Watchinski <mwatchinski@sourcefire.com> wrote:

bleh wrote:

Can you explain what you mean by Snort "has to stop being an IDS"? If

Snort

is no longer an IDS when logging directly to a DB what is it?



Snort is single threaded.  Snort isn't doing anything else while it's
waiting for the DB to return.


  With all the downsides of DB output plug-in and none (as far as this
thread goes) upsides, I then raise the question: Why it is still
present in snort source? Remove it. :)
  Although I would be against this, because I have some uses for it as
'bleh' in some test environments, which are small enough and servers
doing tests are big enough for db not being a bottleneck. And I can't
remember (this was a couple of years back), but due to not being
developed barnyard had some problems with newer snort versions. I was
very glad when FLoP appeared.

-- 
http://nk99.org/

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Diagnosing MySQL server has gone away messages, Jason
Next by Date:  Re: [Snort-users] Listening to Wrong Interface (OS X), Jason
Previous by Thread:  Re: [Snort-users] Diagnosing MySQL server has gone away messages, Matthew Watchinski
Next by Thread:  [Snort-users] Problems daemonizing snort when using BPF filters, Patrik Nordlén
Indexes:  [Date] [Thread] [Top] [All Lists]