Re: data from multiple sessions in one alert/packet

[Jon Hart <jhart () spoofed org>]

On Thu, May 18, 2006 at 02:07:08PM -0400, Joel Esler wrote:
> Jon,
>
> What type of output module are you using?
>
> Joel

I'm using the database output plugin.  I know that can be a problem
under high load, right?  Is that high alert load or just high pps load
in general?  My signatures are fairly tight so we get maybe 10-20
hits/hour, though occassionally we'll get a peak when someone scans us
for something.

I had been using barnyard, but dumped it while attempting to debug
another problem.  If barnyard will help here, I'll do that again.

-jon


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users