Snort mailing list archives
Re: data from multiple sessions in one alert/packet
From: Jon Hart <jhart () spoofed org>
Date: Thu, 18 May 2006 18:11:36 -0400
On Thu, May 18, 2006 at 02:07:08PM -0400, Joel Esler wrote:
Jon, What type of output module are you using? Joel
I'm using the database output plugin. I know that can be a problem under high load, right? Is that high alert load or just high pps load in general? My signatures are fairly tight so we get maybe 10-20 hits/hour, though occassionally we'll get a peak when someone scans us for something. I had been using barnyard, but dumped it while attempting to debug another problem. If barnyard will help here, I'll do that again. -jon ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- data from multiple sessions in one alert/packet Jon Hart (May 17)
- Re: data from multiple sessions in one alert/packet nikns (May 17)
- Re: data from multiple sessions in one alert/packet Jon Hart (May 18)
- Re: data from multiple sessions in one alert/packet Joel Esler (May 18)
- Alert Suppresion Fail kritikus Araklidas (May 18)
- Re: Alert Suppresion Fail Joel Esler (May 18)
- Mail Notification Fail kritikus Araklidas (May 22)
- Re: data from multiple sessions in one alert/packet Jon Hart (May 18)
- Re: data from multiple sessions in one alert/packet Joel Esler (May 18)
- Re: data from multiple sessions in one alert/packet Jon Hart (May 18)
- Re: data from multiple sessions in one alert/packet nikns (May 17)