Snort mailing list archives

Re: SnortDB question


From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 3 Aug 2001 13:57:11 -0700 (PDT)

On Fri, 3 Aug 2001, Julia A. Case wrote:

> Upon further consideration I realized this would be a stupid thing to do,
> I mean the logging to the database would cause network traffic that would
> get logged, that causes network traffic...  see where this is going?

Julia,

        Keep in mind that the traffic that will be generated (in a perfect
world... :) would be over a backend private net.  If that's the case the
impact would be low.  If not, you could do some post processing...

        One thing that can be done is to log everything to a binary file, then
HUP snort to re-create a new file, pull/push the data file to your db machine
and have a copy of snort there to post process all the data.  Sorta like what
SHADOW does.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
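
The rotate, ship and replay flow described in the reply above, sketched as a shell script. This is an added example, not part of the original message; the paths, host name, PID file location and log file name pattern are assumptions, and the DB machine's snort.conf is assumed to carry the database output configuration.

```shell
# Added example (not from the post). All paths, the host name, the PID file
# location and the binary log name pattern below are assumptions.
LOG_DIR="${LOG_DIR:-/var/log/snort}"               # sensor runs: snort -b -l $LOG_DIR
SPOOL_DIR="${SPOOL_DIR:-/var/log/snort/outgoing}"  # must share a filesystem with LOG_DIR
PID_FILE="${PID_FILE:-/var/run/snort.pid}"
DB_HOST="${DB_HOST:-dbhost.example}"               # reached over the private backend net
INBOX="${INBOX:-/var/spool/snort-in}"              # directory on the DB machine
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"  # DB machine config with database output

# Sensor 1: rename binary logs out of the live dir; snort keeps its open descriptor.
stage_logs() {
    mkdir -p "$SPOOL_DIR" || return 1
    staged=0
    for f in "$LOG_DIR"/snort*log*; do
        [ -f "$f" ] || continue
        mv "$f" "$SPOOL_DIR/" || return 1
        staged=$((staged + 1))
    done
    echo "$staged"
}

# Sensor 2: HUP snort so it lets go of the staged file and creates a new one.
hup_snort() {
    [ -r "$PID_FILE" ] || return 1
    kill -HUP "$(cat "$PID_FILE")"
}

# Sensor 3: push under a dot-name, rename when complete, delete only after success.
ship_logs() {
    for f in "$SPOOL_DIR"/*; do
        [ -f "$f" ] || continue
        b=$(basename "$f")
        scp -q "$f" "$DB_HOST:$INBOX/.$b" &&
            ssh "$DB_HOST" "mv '$INBOX/.$b' '$INBOX/$b'" && rm -f "$f"
    done
}

# DB machine: replay each complete capture through a local snort, then archive it.
replay_logs() {
    mkdir -p "$INBOX/done" || return 1
    for f in "$INBOX"/*; do
        [ -f "$f" ] || continue
        snort -c "$SNORT_CONF" -r "$f" && mv "$f" "$INBOX/done/"
    done
}
case "${1:-}" in
    sensor) stage_logs >/dev/null && hup_snort && sleep 2 && ship_logs ;;
    dbhost) replay_logs ;;
esac
```

Run it from cron with the argument `sensor` on the sensor and `dbhost` on the database machine; a file that fails to copy or replay stays in place for the next run.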

