Snort mailing list archives
RE: Re: (Snort-users) Log analysis tools
From: Fraser Hugh <hugh_fraser () dofasco ca>
Date: Thu, 6 Sep 2001 13:37:41 -0400
ACID uses a database rather than flat files as its repository, and the database will benefit from as much memory as you can give it. Installation is not difficult, but tuning any database is an art. ACID is, however, a great realtime analysis tool, and well worth the effort. I've installed ACID and a Postgres database on a moderate-sized machine dedicated to the analysis/reporting function, and have the Snort probes running on smaller boxes with dual NICs, the primary NIC being the sniffer port, and the second being a private LAN to the analysis machine. ACID performance is adequate, but not snappy. I use ACID for followup analysis of events, and performance isn't a major issue. The probes I've installed are autonomous, each having a modem and phone line and some additional intelligence to do exception paging when Snort detects a problem. So ACID's real strength for me is its analysis capabilities once I've been paged.
-----Original Message-----
From: Subba Rao [SMTP:subba9 () home com]
Sent: Thursday, September 06, 2001 9:44 AM
To: sandro.poppi () wacker com
Cc: snort-users () lists sourceforge net
Subject: [Snort-users] Re: (Snort-users) Log analysis tools

On 0, sandro.poppi () wacker com wrote:
> Try ACID. It's not that simple to install because of various support packages needed and it's database related, but you get all alerts when they happen (nearly realtime) and it can be queried via a browser. ACID can be found on http://www.cert.org/kb/acid/

Thank you for replying and this info. Is ACID a memory hog? SnortSnarf needs a lot of tuning up (that is another discussion). I would assume that such an (ACID) setup would be on a different box and not on the Snort agent itself.

Thank you once again.

--
Subba Rao
subba9 () home com
http://members.home.net/subba9/
GPG public key ID CCB7344E
Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
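The message above describes probes that page an operator when Snort detects something serious, leaving ACID for the follow-up. As an added example, not code from the original post or from the Snort or ACID projects, the script below implements the filtering half of such an "exception pager": it parses Snort's alert_fast output lines, pages only on high-priority alerts or on a watch list of signature IDs, and suppresses repeats of the same signature from the same source within a window so one scan does not empty the pager battery. The alert line layout is assumed to be Snort's classic alert_fast format; the priority threshold, the watch-list SIDs (local-range numbers 1000001 to 1000003), the 15-minute window and the sample alert lines are all constructed for the example, and actually dialling the modem is left to the caller.

```python
"""Exception pager filter for Snort alert_fast lines (added example).

Assumptions (not from the original post): Snort alert_fast format,
illustrative priority threshold / watch list / repeat window, and
constructed sample alerts with local-range SIDs.
"""
import re
from datetime import datetime

# Snort alert_fast line layout assumed here:
# MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:sport -> dst:dport
# The Classification field is optional and ICMP lines carry no ports.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?\s*$"
)

# Paging policy (illustrative values). Snort priority 1 is the most severe.
PRIORITY_THRESHOLD = 1          # page on priority <= 1
WATCH_SIDS = {1000003}          # always page on these SIDs, whatever their priority
IGNORE_SIDS = set()             # never page on these
REPEAT_WINDOW_SECONDS = 900     # one page per (sid, source) per 15 minutes

# Constructed sample alert lines (not real Snort output).
SAMPLE_ALERTS = [
    "09/06-13:37:41.123456  [**] [1:1000001:1] LOCAL example web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:4021 -> 198.51.100.5:80",
    "09/06-13:38:02.555000  [**] [1:1000001:1] LOCAL example web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:4022 -> 198.51.100.5:80",
    "09/06-13:40:11.000001  [**] [1:1000002:1] LOCAL example ping sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.77 -> 198.51.100.5",
    "09/06-13:41:00.000000  [**] [1:1000003:1] LOCAL watched DNS probe [**] [Priority: 3] {UDP} 192.0.2.9:5353 -> 198.51.100.5:53",
    "09/06-13:55:00.000000  [**] [1:1000001:1] LOCAL example web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:4099 -> 198.51.100.5:80",
    "this is not an alert line",
]


def parse_alert(line):
    """Parse one alert_fast line into a dict, or return None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        # alert_fast carries no year; strptime defaults it to 1900, which is
        # fine for the relative comparisons done here.
        "ts": datetime.strptime(d["ts"], "%m/%d-%H:%M:%S.%f"),
        "sid": int(d["sid"]),
        "msg": d["msg"],
        "priority": int(d["prio"]),
        "proto": d["proto"],
        "src": d["src"],
        "dst": d["dst"],
    }


def should_page(alert):
    """Apply the static policy: ignore list, then watch list or priority threshold."""
    if alert["sid"] in IGNORE_SIDS:
        return False
    return alert["sid"] in WATCH_SIDS or alert["priority"] <= PRIORITY_THRESHOLD


def select_pages(lines, window=REPEAT_WINDOW_SECONDS):
    """Return the page texts to send for a stream of alert lines.

    Unparsable lines are skipped; a (sid, source) pair is paged at most once
    per `window` seconds so a noisy scanner produces one page, not hundreds.
    """
    last_paged = {}
    pages = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or not should_page(alert):
            continue
        key = (alert["sid"], alert["src"])
        prev = last_paged.get(key)
        if prev is not None and (alert["ts"] - prev).total_seconds() < window:
            continue
        last_paged[key] = alert["ts"]
        pages.append(
            f"{alert['ts']:%m/%d %H:%M} p{alert['priority']} sid:{alert['sid']} "
            f"{alert['msg']} {alert['src']} -> {alert['dst']}"
        )
    return pages


if __name__ == "__main__":
    # Three pages for the constructed sample: the first web attack, the
    # watched DNS probe, and the web attack again once the window expires.
    for page in select_pages(SAMPLE_ALERTS):
        print(page)
```

In a deployment this would sit behind `tail -f` on the probe's alert file, with the page text handed to whatever drives the modem; the parse-then-policy split keeps the signature-dependent part (the regex) separate from the site-specific part (thresholds and lists), so the latter can be tuned per probe without touching the parser.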