Snort mailing list archives

Re: Snort and M$ Access?????

From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 8 Feb 2002 11:33:59 -0800 (PST)

On Fri, 8 Feb 2002, Graham, Randy (RAW)  wrote:

Sorry, but I'm forced to ask this...


Oh, we're not!  :-)  We all need more 'Stupid Management Tricks Stories' to
laugh/cry over.

I have recently gotten Snort 1.8.3 running with mysql and ACID 0.9.6b19 on a
couple of RedHat 7.2 boxen (I know, Marty - I'm working on learning *BSD
well enough to correct the error of my ways).  Everything is working great,
and I love it.  Today, the bosses come to me and ask if we can make Snort
output to an Access database instead.  Knowing where this is going, I try to
fend it off by telling a little lie about what databases Snort supports
(mysql and postgres only).  So, they ask about dumping the mysql database
info into an Access file or flat text so Access can read it in.  Apparently,
they want to store the data on our "more secure" Win2k server.  Keep in mind
that these are the same people who won't let me use open source software
because someone might have compiled a trojan in to the source I'm
downloading...


[...horrible things snipped...]

I'm going to pretend I didn't read the other paragraphs, and concentrate on
what you're asking...

1)  Suckage:  Do they have any idea of the amount of suckage that Access has?
I mean, C'mon!  Try 2.5 million records in access with as much data as the
alerts are spitting out.  Yeah, it's real quick with that 20 minute sort.

2)  Updates:  When the DB schema gets updated, are they going to be able to
quickly change Access?  There's a script with each DB update to change the
supported DB types.

3)  ODBC:  If all else fails, they could use ODBC to 'move' the data from
MySQL to Access.

Now, if you'll excuse me, I think I've got some updates to the Drinking Game
to make...  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort and M$ Access????? Graham, Randy (RAW) (Feb 08)
- Re: Snort and M$ Access????? Onie Camara (Feb 08)
- Re: Snort and M$ Access????? Daniel Holden (Feb 08)
- GIF , PNG, JPEG ....NOT ENABLED CGI (Feb 08)
  - Empty MySQL DB Warrick FitzGerald (Feb 08)
    - Re: Empty MySQL DB Phil Wood (Feb 08)
  - Re: GIF , PNG, JPEG ....NOT ENABLED Alwin Raymundo (Feb 10)
- Re: Snort and M$ Access????? Erek Adams (Feb 08)
- Re: Snort and M$ Access????? Byron (Feb 08)
- RE: Snort and M$ Access????? John Kirk (Feb 08)
- <Possible follow-ups>
- Re: Snort and M$ Access????? Brad Plies (Feb 08)
- RE: Re: Snort and M$ Access????? Yom, Francis (Feb 08)
- RE: Snort and M$ Access????? Wirth, Jeff (Feb 08)
- RE: Re: Snort and M$ Access????? Brad Plies (Feb 08)
- RE: Snort and M$ Access????? e-mail lists (Feb 08)