Recovering Lost Alerts

["Ron Shuck" <rshuck () Buchanan com>]

Hi,

I am working on a Snort deployment with ACID/MySQL. I am relatively new
to Snort. I worked previously with ISS RealSecure.

My concern is how do I recover lost or missed alerts if the MySQL
database goes down briefly or if the sensor losses communication with
the MySQL server?

I have added a 'heartbeat' mechanism in ACID to alert if any of the
sensors go down for any reason, but this only lets me know I missed
alerts. It looks like some of the information is in the syslog, but not
all.

Any help or suggestion would be greatly appreciated.


Thanks,

Ron Shuck, CISSP - Managing Consultant
Buchanan Associates - A Technology Company in the People Business

Attachment: smime.p7s
Description: