Snort mailing list archives
Re: Data Collection Help (fwd)
From: Guillaume <guillaume () anteria fr>
Date: Fri, 23 Nov 2001 09:29:07 +0100 (CET)
In reply to Andrea Barisani <lcars () infis univ trieste it>:
> ---------- Forwarded message ----------
> On Wed, 21 Nov 2001, Lance Spitzner wrote:
> > The Honeynet Project is beginning to collect data from various distributed Honeynets. One of our primary weapons for data capture is Snort. Question, what are some of the best practices for data collection for distributed Snort sensors? We are currently doing the following, any additional ideas GREATLY appreciated.
> > - MySQL backend for Snort alerts, ACID interface
> > - Daily copy of Snort binary log files
>
> Hi Lance!
>
> My experience is that the best way for logging snort sensors data is the following:
>
> On the sensor
> 1) standard snort process with full alert logging and tcpdump style binary logging of traffic.
Hi. I would just have one question about this way of logging traffic, which I think is a good way: did you (or anyone else) benchmark snort and tcpdump (or any other libpcap-based utility) for raw traffic logging? I.e., which tool is the best (reliability, speed...)?

Thanks.

Guillaume.
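One concrete way to answer the benchmark question above, as an added example that is not part of this thread: capture the same traffic (e.g. from a SPAN port) with both tools, then walk the two libpcap files and compare packet counts, bytes on the wire and snaplen truncation. The two captures below are constructed inline (arbitrary timestamps and payloads) so the comparison runs offline; the "snort" capture is built with a small snaplen and one record missing to show what a drop and a truncation look like.

```python
import struct
from typing import NamedTuple

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic little-endian libpcap magic


class CaptureStats(NamedTuple):
    packets: int
    bytes_on_wire: int
    truncated: int           # records where incl_len < orig_len (snaplen too small)


def build_pcap(packets, snaplen=65535):
    """Build a libpcap blob from (ts_sec, ts_usec, data, orig_len) tuples (test data only)."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    body = b"".join(
        struct.pack("<IIII", ts, us, len(data), orig) + data
        for ts, us, data, orig in packets
    )
    return hdr + body


def pcap_stats(blob: bytes) -> CaptureStats:
    """Walk a little-endian libpcap blob: 24-byte global header, then 16-byte record headers."""
    (magic,) = struct.unpack_from("<I", blob, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian libpcap file")
    off, pkts, wire, trunc = 24, 0, 0, 0
    while off + 16 <= len(blob):
        _ts, _us, incl, orig = struct.unpack_from("<IIII", blob, off)
        off += 16
        if off + incl > len(blob):
            raise ValueError("capture file cut mid-record")  # sensor died or disk filled
        off += incl
        pkts += 1
        wire += orig
        trunc += int(incl < orig)
    return CaptureStats(pkts, wire, trunc)


def compare_captures(reference: bytes, candidate: bytes) -> dict:
    """Report what the candidate logger lost relative to the reference capture."""
    ref, cand = pcap_stats(reference), pcap_stats(candidate)
    return {
        "missing_packets": ref.packets - cand.packets,
        "missing_bytes": ref.bytes_on_wire - cand.bytes_on_wire,
        "truncated_in_candidate": cand.truncated,
    }


# Constructed sample: three frames on the wire; the second logger kept only two,
# one of them cut to 96 bytes by its snaplen.
PKTS = [(1006500000, 0, b"\x00" * 60, 60),
        (1006500000, 500, b"\x01" * 1500, 1500),
        (1006500001, 0, b"\x02" * 60, 60)]
TCPDUMP_CAPTURE = build_pcap(PKTS)
SNORT_CAPTURE = build_pcap([PKTS[0], (1006500000, 500, b"\x01" * 96, 1500)], snaplen=96)
```

On a real sensor, pair this with the kernel drop counter each tool reports at exit (tcpdump's "packets dropped by kernel"), since a packet the kernel never handed to libpcap shows up only there.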