Re: Data Collection Help (fwd)

[Guillaume <guillaume () anteria fr>]

En réponse à Andrea Barisani <lcars () infis univ trieste it>:

> ---------- Forwarded message ----------
> On Wed, 21 Nov 2001, Lance Spitzner wrote:
>
> > The Honeynet Project is beginning to collect data from various
> > distributed Honeynets.  One of our primary weapons for data capture
> > is Snort.  Question, what are some of the best practices for
> > data collection for distributed Snort sensors?  We are currently
> > doing the following, any additional ideas GREATLY appreciated.
> >
> >  - MySQL backend for Snort alerts, ACID interface
> >  - Daily copy of Snort binary log files
>
> Hi Lance!
>
> My experience is that the best way for logging snort sensors data is the
> following:
>
> On the sensor
>
> 1) standard snort process with full alert logging and tcpdump style
> binary logging of traffic.

Hi.

I would just have one question about this way of logging traffic which I think 
is a good way : did you (or anyone esle) benchmark snort and tcpdump (or any 
other libpcap-based utility) for raw traffic logging ? I.e.: which tool is the 
best (reliability, speed...) ?

Thanks.

Guillaume.

**********************************
Sent with HORDE/IMP

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users