Re: system setup for SNORT: looking for recommendation

[twig les <twigles () yahoo com>]

How much disk space should I set aside for SNORT to
> record data 
> about network activity? And under what filesystem? 
> --


Most answers to the "how big a system do I need" questions are
"it depends".  However I will say that you will likely end up
using a database to log alerts rather than the text files,
therefore it would behoove you to make sure /var is very big
(setup the rest of the partitions and then use the rest for
/var) and make sure upon installing/setting up the database that
it logs to /var/whatever.  Then you'll be covered with a db,
text files, syslog, etc. without too much hassle.

=====
-----------------------------------------------------------
With a few exceptions, secrecy is deeply incompatible with
democracy and with science.
     --Carl Sagan  
-----------------------------------------------------------


        
                
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/ 


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users