Snort mailing list archives
AW: (Snort-users) Log analysis tools
From: <sandro.poppi () wacker com>
Date: Thu, 06 Sep 2001 15:52:00 +0200
Try ACID. It's not that simple to install because of various support packages needed and it's database related, but you get all alerts (when they happen/nearly realtime) and it can be queried via a browser. ACID can be found on http://www.cert.org/kb/acid/
Thank you for replying and this info. Is ACID a memory hog?
Well, I'm running snort on 4 interfaces (100 MBit/s FD, average to low utilization) and also SnortSnarf and ACID including a mysql database all on a PIII/800 with 256 MB RAM. I did not have any memory or cpu probs yet (pssst: I'm running also ntop to get infos about the utilization of the interfaces on the same machine, but please don't tell it to others >8).
SnortSnarf needs a lot of tuning up (that is another discussion). I would assume that such an (ACID) setup would be on a different box and not on the Snort agent itself.
Of course this is a better solution especially if you are using more than one snort sensor to log into the same database. But as said before, no probs yet.
Thank you once again.
Anytime, Sandro