[tech] Snort Testing
Daniel Axtens
dja at ucc.asn.au
Wed Feb 22 00:15:47 WST 2012
> Ah, I broke it to switch to postgres, but I naively thought that if NFQUEUE failed the packets would continue merrily onwards to their destination.
This has now been fixed and we're now logging to the snort database in postgres on mussel, as well as the standard logfiles (I think - the db works, not sure about logfiles).
Unfortunately even this is not a fantastic solution:
murasoi snort[15993]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
murasoi snort[15993]: !! WARNING: The database output plugins are considered deprecated as
murasoi snort[15993]: !! of Snort 2.9.2 and will be removed in Snort 2.9.3.
murasoi snort[15993]: !! The recommended approach to logging is to use unified2 with
murasoi snort[15993]: !! barnyard2 or similar.
murasoi snort[15993]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Seems the proper solution is a program called barnyard[2], which is conveniently not packaged in Debian.
Will deal with this later.
[DJA]
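For reference, the unified2 + barnyard2 path the warning above recommends looks like this in snort.conf and barnyard2.conf. This is an added illustration, not configuration from the original post or from the mussel/murasoi hosts; the file paths, the database user, password, dbname and host are placeholders to be adapted.

```conf
# ---- snort.conf (output section) ----
# Deprecated since Snort 2.9.2 and removed in 2.9.3: Snort writes straight
# into the database, blocking packet processing on every insert.
# output database: log, postgresql, user=snort password=CHANGE_ME dbname=snort host=localhost

# Recommended: Snort only appends binary unified2 records to a spool file
# (rotated at 128 MB) and never touches the database itself.
output unified2: filename snort.u2, limit 128

# ---- barnyard2.conf ----
# barnyard2 tails the unified2 spool and does the (slow) database inserts
# asynchronously, so a stalled database no longer stalls the sensor.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
input unified2
output database: log, postgresql, user=snort password=CHANGE_ME dbname=snort host=localhost

# ---- invocation (placeholder paths) ----
# -d: spool directory, -f: unified2 base filename from snort.conf,
# -w: "waldo" bookmark so a restart resumes where it left off instead of re-inserting.
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
```

The unified2 file is the system of record here: if barnyard2 or postgres is down, alerts accumulate on disk and are replayed later, whereas with the direct database plugin they were simply lost (or, in inline/NFQUEUE mode, held up packet delivery).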