Re: BandWidth question

["Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>]

--On 09 August 2005 18:43 -0400 Matt Kettler <mkettler () evi-inc com> wrote:

> Sabbiolina wrote:
> > Hello there,
> > I need to analyze all e-mail traffic looking for specific
> > words/sentences and dump to disk all messages matching those criteria.
> > On an average P4 3.2 mhz what is the ipotetic bandwidth limit (in
> > megabits)?
>
> Snort is NOT a good tool for this kind of thing, so bandwidth is
> irrelevant.
>
> Snort would only be able to log to disk a small fraction of the message
> that matched. Namely, the chunk of the datastream from stream4 that
> matched. We're talking 1.5k bytes at most.

You could use tag:session to get larger chunks.

But to be honest, the OP would be better served getting one of the various 
purpose-built email archival systems that are now available, if the driver 
is some sort of legal/regulatory reason.

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users