[Discussion] not a db schema

James McQuaid jim.mcquaid at gmail.com
Tue Oct 28 03:25:53 UTC 2008


I'm *still* listening... please continue.

Message: 3
Frank Knobbe wrote:
> No, that's a bad idea (at least if you talk about Snort). If you create
> new/different message texts, Snort will create a new entry in the
> signature table (unique to msg+gid+sid+rev). Also, you would not get the
> same text with barnyard or in barnyard (and probably flop) based
> installs since BY only reports the sid (the msg is pulled from the
> sid-msg.map file).

We are not talking Snort. This is totally different.

And we'll definitely not use a db schema with this issue.

Matt

>
> While you could of course fork barnyard, my concern would be the bloat
> of the signature table due to unique msg texts.
>

No forking here, all new.

Everything from the pattern matcher on up. :)

Matt


--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net


--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc





-- 
James McQuaid
http://www.jamesmcquaid.com


