Subject: Re: [snort] SnortSANS: Roundup
From: Jed Pickel (jedpickel.net)
Date: Tue Mar 28 2000 - 10:56:31 CST


> Ok, I know you've all been waiting to hear how Snort did at SANS (ok,
> maybe not ;), so here's the report.
>
> In a nutshell, Snort kicked ass at SANS.

Excellent news. Thanks for your detailed report Marty.

> Getting the postgres stuff working was non-trivial, it took me about 2
> hours from the time I compiled in the support to the time where Snort
> was able to log packets to the DB and get them displayed on the web
> interface. We need to get some better docs together if we're going to
> be able to give this to the non-guru set for general usage..... :)

Agreed.... To keep everyone up to date, here is the status of the
database plug-in. I am currently integrating code to log to
PostgreSQL, MySQL, and UnixODBC into a single plug-in called
spo_log_datatabase. Virtual high five to Todd Schrubb for contributing
code to log to MySQL! With ODBC working, you can log to any
database. In order to be consistent across databases, I am going to
have to slightly change the database structure. Also, I plan to change
the names in some of the columns to be more consistent with snort
source. I will talk with Yen-Ming about this so he can keep the PHP
script up to date. If anyone else has started developing applications
based on snortdb let me know.

It will probably be another week minimum before this is released. Once
the next version is released I plan to put together some more decent
documentation.

* Jed