[Discussion] not a db schema
James McQuaid
jim.mcquaid at gmail.com
Tue Oct 28 03:25:53 UTC 2008
I'm *still* listening... please continue.
Message: 3
Frank Knobbe wrote:
> No, that's a bad idea (at least if you talk about Snort). If you create
> new/different message texts, Snort will create a new entry in the
> signature table (unique to msg+gid+sid+rev). Also, you would not get the
> same text with barnyard or in barnyard (and probably flop) based
> installs since BY only reports the sid (the msg is pulled from the
> sid-msg.map file).
We are not talking snort. This is totally different.
And we'll definitely not use a db schema with this issue.
Matt
>
> While you could of course fork barnyard, my concern would be the bloat
> of the signature table due to unique msg texts.
>
No forking here, all new.
Everything from the pattern matcher on up. :)
Matt
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
--
James McQuaid
http://www.jamesmcquaid.com