Snort mailing list archives
Re: Problems about snort in enterprise environment
From: Brian <bmc () snort org>
Date: Thu, 7 Nov 2002 17:50:33 -0500
On Thu, Nov 07, 2002 at 02:41:59PM -0800, Erek Adams wrote:
My suggestion: Don't waste time building a box with 'everything'. Just install snort on your sensors and nothing else. Have all of your sensors use Barnyard and log to a remote/central DB server and on the DB server install ACID. The 'leaner and meaner' you make your sensors the faster they will be able to run and work.
And actually, that works for everything involved. A DB box will run faster if it doesn't have to sniff packets, just like a sniffing box will run faster if it doesn't have to do DB stuff. -brian ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems about snort in enterprise environment Andrea Iacopini (Nov 07)
- Re: Problems about snort in enterprise environment Atul Shrivastava (Nov 07)
- Re: Problems about snort in enterprise environment Erek Adams (Nov 07)
- Re: Problems about snort in enterprise environment Brian (Nov 07)
- Re: Problems about snort in enterprise environment twig les (Nov 07)
- Re: Problems about snort in enterprise environment Brian (Nov 07)
- <Possible follow-ups>
- RE: Problems about snort in enterprise environment Fraser Hugh (Nov 07)