OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Erek Adams (erektheadamsfamily.net)
Date: Fri Feb 08 2002 - 13:33:59 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Fri, 8 Feb 2002, Graham, Randy (RAW) wrote:

    > Sorry, but I'm forced to ask this...

    Oh, we're not! :-) We all need more 'Stupid Management Tricks Stories' to
    laugh/cry over.

    > I have recently gotten Snort 1.8.3 running with mysql and ACID 0.9.6b19 on a
    > couple of RedHat 7.2 boxen (I know, Marty - I'm working on learning *BSD
    > well enough to correct the error of my ways). Everything is working great,
    > and I love it. Today, the bosses come to me and ask if we can make Snort
    > output to an Access database instead. Knowing where this is going, I try to
    > fend it off by telling a little lie about what databases Snort supports
    > (mysql and postgres only). So, they ask about dumping the mysql database
    > info into an Access file or flat text so Access can read it in. Apparently,
    > they want to store the data on our "more secure" Win2k server. Keep in mind
    > that these are the same people who won't let me use open source software
    > because someone might have compiled a trojan in to the source I'm
    > downloading...

    [...horrible things snipped...]

    I'm going to pretend I didn't read the other paragraphs, and concentrate on
    what you're asking...

    1) Suckage: Do they have any idea of the amount of suckage that Access has?
    I mean, C'mon! Try 2.5 million records in access with as much data as the
    alerts are spitting out. Yeah, it's real quick with that 20 minute sort.

    2) Updates: When the DB schema gets updated, are they going to be able to
    quickly change Access? There's a script with each DB update to change the
    supported DB types.

    3) ODBC: If all else fails, they could use ODBC to 'move' the data from
    MySQL to Access.

    Now, if you'll excuse me, I think I've got some updates to the Drinking Game
    to make... ;-)

    -----
    Erek Adams
    Nifty-Type-Guy
    TheAdamsFamily.Net

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users