Re: Queuing MSSQL log data without Barnyard

[Chris Green <cmg () uab edu>]

"Burleson, Lee (IA)" <Lee.Burleson () ia ngb army mil> writes:

> Chris -
>
> I didn't realize that a db write would cause Snort to drop packets.
> If so,

It's not guaranteed to cause packet loss but it can depending on
traffic/alert rate/insert speed.

> I will have to keep an eye on it. -see question below-  Currently the
> sensors are logging directly to the central MSSQL DB over IPSec - I did not
> see any packet loss in my trials.  If processor utilization has anything to
> do with it, I have _lots_ of cycles to spare.  Hopefully logging to a local
> DB would keep loss to a minimum.

I'd try an expirment where you have a alert rule that goes off on
echo requests and then send 1000 while other traffic is on the wire.
Silly but would let you see how setup handles peaks in traffic/alerts.

> Question: How does one, in Win32, cause Snort to give statistics on
> demand?

Not sure as I'm not a windows snort user.

> I seem to remember that one can send a signal to the Snort process in *n?x
> to achieve this, but I see no Win32 equivalent.
>
> - Lee

-- 
Chris Green <cmg () uab edu>
Laugh and the world laughs with you, snore and you sleep alone.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users