Re: Recommended NFS configuration to store snort logs

[Joe Pampel <jpampel () paladyne com>]

> From the other side, I use NFS extensively and like it quite a bit. I have no performance issues with it in even in 
> very large deployments (although not for IDS/IPS).

That said, why aren't you using an IP socket to a back end database like MySQL?  Not sure why you would want to write 
this stuff to disk across a network when there are other cleaner and very well established options.

JM2C, ICBW,  YMMV and the usual disclaimers apply . . .


On Sep 24, 2010, at 1:25 PM, Castle, Shane wrote:

> I'm sorry; I can't recommend using NFS for anything, much less real-time
> writing of high-output logs.
>
> --
> Shane Castle
> Data Security Mgr, Boulder County IT
> GSEC GCIH
>
>
> -----Original Message-----
> From: carlopmart [mailto:carlopmart () gmail com]
> Sent: Friday, September 24, 2010 11:15
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Recommended NFS configuration to store snort
> logs
>
> carlopmart wrote:
> > Hi all,
> >
> > I need to store all logs from 5 CentOS snort sensors over a NFS
> shared
> > storage. NFS servers are CentOS 5.5. Which could be the best
> > configuration for this scenario: NFSv3 or NFSv4?? Do i need to put
> some
> > special param to increment write/reads from sensors??
> >
> > many thanks.
>
> Any hints, please?
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
> ------------------------------------------------------------------------
> ------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


The information contained in this correspondence is intended solely for the person or entity entitled to receive the 
confidential and/or privileged material that it may contain. Any review, retransmission, dissemination or other use of, 
or taking of any action in reliance upon, the information in this correspondence (including any attachments) by anyone 
other than the intended recipient is strictly prohibited. If you believe that you may not be the intended recipient, 
please destroy and/or delete this correspondence and the attachment(s).

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users