Re: Snort and MySQL

[Jeremy Hoel <jthoel () gmail com>]

The reason behind it was, as i can best summarize, is that snort is a
IDS/IPS and it's job is to generate alerts as quick as possible.  So
snort outputs to unified and syslog and that's about it.  Then you use
other tools to take the unified files and send them somewhere.  this
allows snort to work faster and focus on it's one task vs worring
about DB connections, etc.



On Fri, Sep 21, 2012 at 4:43 PM, PR <oly562 () gmail com> wrote:
> whose bright idea what that by the way? reasons??? due to daq? just
> curious. thanks, it helps me understand things more
>
> On Fri, 2012-09-21 at 08:12 -0400, Jack wrote:
> > Snort can not output directly to mysql anymore, It is required to use
> > Barnyard2 in order to use mysql databases with snort now.
> >
> > On Fri, Sep 21, 2012 at 7:20 AM, Joao Daniel Neves
> > <joaodanielnevesss () hotmail com> wrote:
> > > Hi,
> > >
> > > I instaled MySQL via RPM at Centos 5.5.
> > >
> > > [root@host ]# rpm -qa | grep mysql
> > > mysql-5.0.77-4.el5_6.6
> > >
> > > It is a x86 package. My OS is x86_64
> > >
> > > I have compiled the snort's dependencies for my system since that there
> > > aren't official RPM packages. I ran ldconfig.
> > >
> > > Then I finally tried to install snort.
> > >
> > > ./configure --with-mysql
> > > A lot of output cuted
> > > configure: WARNING: unrecognized options: --with-mysql
> > >
> > > My question: How to compile Snort to use MySQL?
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Got visibility?
> > > Most devs has no idea what their production app looks like.
> > > Find out how fast your code is with AppDynamics Lite.
> > > http://ad.doubleclick.net/clk;262219671;13503038;y?
> > > http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest Snort
> > > news!
>
>
> ------------------------------------------------------------------------------
> Got visibility?
> Most devs has no idea what their production app looks like.
> Find out how fast your code is with AppDynamics Lite.
> http://ad.doubleclick.net/clk;262219671;13503038;y?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!