Snort mailing list archives
Announce: FLoP-1.2.0
From: Dirk Geschke <dirk () geschke-online de>
Date: Thu, 1 Apr 2004 00:05:12 +0200 (CEST)
Hi all,

maybe someone is interested in the new release of FLoP, the Fast Logging Project for snort.

With FLoP, alerts generated via snort are written to a unix domain socket; there a threaded process reads these alerts, buffers them in memory if necessary and forwards them to a central server. On the central server another threaded process gathers these alerts, buffers them in memory if necessary and stores them via a unix domain socket to either a MySQL or PostgreSQL database.

The major changes between version 1.0 and 1.2 are:

+ A handshake mechanism is added between the remote sensors and the central server.

+ If the database is not available, any connection from a remote sensor is temporarily refused.

+ If the database dies during inserts, all connections to remote sensors are canceled and the buffered alerts are written to a sensor-based swap file.

+ If the database is available again and a remote sensor reconnects, we first check for the presence of a swap file for this sensor. If such a file is there, we first read in these alerts from the file and then accept connections from the sensor. This way the possible loss of information should be minimized.

+ The database scheme as used by ACID can be extended by a few columns. In these columns additional packet information can be stored. With these additional data and the program "getpacket" the full pcap file can be reconstructed, which can then be analyzed with tcpdump or ethereal.

All this and additional information can be found at:

http://www.geschke-online.de/FLoP

Best regards

Dirk Geschke
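The failover behaviour listed in the announcement (refuse sensors while the database is down, swap buffered alerts to a per-sensor file, replay that file before accepting the sensor again), modelled as an added Python example. This is not FLoP's code, which is not shown on this page; `FakeDB`, `CentralServer`, the JSON-lines swap format and the `.swap` file name are assumptions made for illustration.

```python
import json
import os

class FakeDB:  # constructed stand-in for the MySQL/PostgreSQL backend
    def __init__(self):
        self.up, self.rows = True, []
    def insert_many(self, sensor, alerts):  # all-or-nothing, like one transaction
        if not self.up:
            raise ConnectionError("database down")
        self.rows.extend((sensor, a) for a in alerts)

class CentralServer:  # hypothetical model of the central collector
    def __init__(self, db, swap_dir):
        self.db, self.swap_dir = db, swap_dir
        self.buffers = {}  # connected sensor id -> alerts buffered in memory

    def _swap_path(self, sensor):
        if not sensor.isalnum():  # the id becomes a file name: reject path tricks
            raise ValueError("bad sensor id")
        return os.path.join(self.swap_dir, sensor + ".swap")

    def handshake(self, sensor):
        """Accept a sensor only if the DB is up and its swap file is drained."""
        path = self._swap_path(sensor)
        if not self.db.up:
            return False  # temporarily refuse the connection
        if os.path.exists(path):
            with open(path) as fh:
                pending = [json.loads(line) for line in fh]
            try:
                self.db.insert_many(sensor, pending)  # replay swapped alerts first
            except ConnectionError:
                return False  # swap file stays intact for the next attempt
            os.remove(path)
        self.buffers[sensor] = []
        return True

    def flush(self):
        """Store buffered alerts; if the DB dies, swap out and drop all sensors."""
        try:
            for sensor, buf in self.buffers.items():
                self.db.insert_many(sensor, buf)
                buf.clear()
        except ConnectionError:
            for sensor, buf in self.buffers.items():
                if buf:
                    with open(self._swap_path(sensor), "a") as fh:
                        fh.writelines(json.dumps(a) + "\n" for a in buf)
            self.buffers.clear()  # cancel every sensor connection
```

The swap file is deleted only after the replay insert has succeeded, so a database failure during replay leaves the alerts on disk rather than losing them.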