Snort mailing list archives
Re: SnortDB question
From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 3 Aug 2001 13:57:11 -0700 (PDT)
On Fri, 3 Aug 2001, Julia A. Case wrote:
Upon further consideration I realized this would be a stupid thing to do, I mean the logging to the database would cause network traffic that would get logged, that cause network traffic... see where this is going?
Julia, Keep in mind that the traffic that will be generated (in a perfect world... :) would be over a backend private net. If that's the case the impact would be low. If not, you could do some post processing... One thing that can be done is to log everything to a binary file, then HUP snort to re-create a new file, pull/push the data file to your db machine and have a copy of snort there to post process all the data. Sorta like what SHADOW does. ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SnortDB question Julia A. Case (Aug 03)
- Re: SnortDB question Julia A. Case (Aug 03)
- Re: SnortDB question Erek Adams (Aug 03)
- <Possible follow-ups>
- RE: SnortDB question Fraser Hugh (Aug 03)
- Re: SnortDB question Travis Dawson (Aug 03)
- Re: SnortDB question Julia A. Case (Aug 03)