Re: Recovering Lost Alerts

[Erek Adams <erek () theadamsfamily net>]

On Wed, 28 Aug 2002, Ron Shuck wrote:

[...snip...]

> My concern is how do I recover lost or missed alerts if the MySQL
> database goes down briefly or if the sensor losses communication with
> the MySQL server?

Use barnyard.  :)  Snort writes a unifed file, and then BY comes along and
reads the file on the fly handing the data to the DB on the backend.

> I have added a 'heartbeat' mechanism in ACID to alert if any of the
> sensors go down for any reason, but this only lets me know I missed
> alerts. It looks like some of the information is in the syslog, but not
> all.

Cool feature.  Might want to send it to Roman for review.

> Any help or suggestion would be greatly appreciated.

Suggestion?  Sure!  "Try the hotpockets, they're breathtaking."  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing 
real-time communications platform! Don't just IM. Build it in! 
http://www.jabber.com/osdn/xim
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users