Snort mailing list archives
RE: Question about snortsnarf
From: James Hoagland <jim () SiliconDefense com>
Date: Thu, 13 Feb 2003 09:10:47 -0800
At 11:36 PM -0600 2/12/03, Schmehl, Paul L wrote:
> The log files are rotated daily. But I'm running snortsnarf against the mysql database. What I don't understand is the program has run for hours and never written a single file to the hard drive. Does it actually try to put everything in memory before it writes anything out?
That is correct. Since SnortSnarf draws some correlation across all the alerts, it doesn't output anything until it has read everything in.
Regards,
Jim
--
Jim Hoagland, Associate Researcher, Silicon Defense
Silicon Defense: The Cyberwar Defense Company
jim () SiliconDefense com, http://www.silicondefense.com/
Voice: (530) 756-7317 Fax: (530) 756-7297