Snort mailing list archives
Re: Snort automatic email alert.
From: Erik Fichtner <emf () servervault com>
Date: Fri, 6 Aug 2004 21:12:35 -0400
On Fri, Aug 06, 2004 at 07:50:23PM -0500, Harper, Patrick wrote:
> Don't those all use syslog?
Yes. MySQL/ACID does not scale. (sure, it's kinda neat if you want to browse around in a limited data set, but MySQL limitations keep you from having real historical datasets. You'll go to pcap files eventually.) And mining through the snortdb schema inside MySQL for event text in order to send email alerts is kinda like bringing a hatchet to an ice cream social.

Besides, if you use SEC to do this, you can spend all your time writing state engine rules so that you can use the state engine to do work for you, instead of digging around in a browser all day trying to figure out which false alarm you're looking at this time..

But if you like that sort of thing, don't let me stop you.

--
Erik Fichtner
Principal Engineer, Information Security, ServerVault Corp.
703-652-5900
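The message above argues for driving email alerts from Snort's syslog output with correlation state rather than querying the database. The following is an added example, not code from the original post and not SEC itself: a Python sketch of one suppression rule, mailing once per signature and source per time window. The names `correlate` and `subject`, the five-minute window, the priority threshold, and the sample log lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Snort syslog alert layout: [gid:sid:rev] msg [Classification: c] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) snort(?:\[\d+\])?: "
    r"\[(?P<sig>\d+:\d+:\d+)\] (?P<msg>.*?) (?:\[Classification: [^\]]*\] )?"
    r"\[Priority: (?P<prio>\d+)\]:? \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?")

def correlate(lines, window=timedelta(minutes=5), max_priority=2, year=2004):
    """One notification per (signature, source) per window; repeats are only counted."""
    open_notes = {}      # (sig, src) -> notification that opened the current window
    notifications = []   # what would be handed to the mailer, in arrival order
    for line in lines:
        m = ALERT_RE.match(line)
        if not m or int(m["prio"]) > max_priority:
            continue     # not a Snort alert, or below the mail threshold (1 = most severe)
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["sig"], m["src"])
        note = open_notes.get(key)
        if note and when - note["first"] < window:
            note["suppressed"] += 1   # same signature and source inside the window: no new mail
            continue
        note = {"first": when, "sig": m["sig"], "msg": m["msg"],
                "src": m["src"], "dst": m["dst"], "suppressed": 0}
        open_notes[key] = note
        notifications.append(note)
    return notifications

def subject(note):
    """Subject line for the alert email (hypothetical format)."""
    return f"[snort] {note['msg']} from {note['src']} ({note['sig']})"

# Constructed sample input, not taken from a real sensor.
SAMPLE = [
    "Aug  6 21:10:01 sensor1 snort[412]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 192.0.2.10:1045 -> 198.51.100.5:1434",
    "Aug  6 21:10:09 sensor1 snort[412]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 192.0.2.10:1045 -> 198.51.100.5:1434",
    "Aug  6 21:11:30 sensor1 snort[412]: [1:469:3] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.77 -> 198.51.100.5",
    "Aug  6 21:12:00 sensor1 sshd[88]: Accepted publickey for ops from 198.51.100.9 port 4022 ssh2",
    "Aug  6 21:12:40 sensor1 snort[412]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 192.0.2.10:1045 -> 198.51.100.5:1434",
    "Aug  6 21:17:02 sensor1 snort[412]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 192.0.2.10:1045 -> 198.51.100.5:1434",
    "Aug  6 21:18:00 sensor1 snort[412]: [1:1000001:1] Local policy test [Priority: 3]: {TCP} 192.0.2.10:4000 -> 198.51.100.5:80",
]

if __name__ == "__main__":
    for n in correlate(SAMPLE):
        print(n["first"], subject(n), f"+{n['suppressed']} suppressed")
```

Six Snort alerts in the sample collapse to three notifications: the repeated worm alert is mailed once, then again only after the window has expired.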