Snort mailing list archives
Re: new user, great product, but ...
From: Erek Adams <erek () snort org>
Date: Wed, 23 Apr 2003 09:33:24 -0400 (EDT)
On Tue, 22 Apr 2003, Allen, Garrett wrote:
installed version 1.9.1 (build 231) of the pink beastie. very interesting results captured from our network. pointed to a potential issue with xp configs. i'm generating log files, haven't quite got the mastery of mysql installation yet. anyways, here's the question: the very day i started using snort for real was the day one of our wandering sales minstrels returns with an ms-sql worm. it momentarily shut down our net when he fired up his machine, then went for coffee, flooding the network with traffic as a worm is wont to do. we were able to quickly detect where the problem originated from and shut the machine down. but in the meantime snort generated enough log files to fill /var. ouch. any way to slow down the volume of log entries? any other operational tips?
Two:

* Save headache and move on to 2.0. It was released on 4/14.
* Consider using 'unified' logging [0]. It can help with the log rotation headache.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.9