Snort mailing list archives

RE: Feature Request?


From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Mon, 02 Jul 2001 10:57:13 -0700

Well, I did have a cron job monitoring for snort, but every few days the
thing would actually fire off a new copy of snort even though it was already
running.  I check on snort daily since my machine is always ssh'd into it.
Just type top and see snort chugging away at the top of the process list
(80% CPU usage on a Sparc IIe 500MHz Netra T1).

-----Original Message-----
From: Chris Green [mailto:cmg () uab edu]
Sent: Monday, July 02, 2001 10:48
To: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Feature Request?


Kevin Brown <Kevin.M.Brown () asu edu> writes:

> I was wondering how hard it might be to implement something within snort as
> part of the logging features.  The snort box that I run here connects to a
> remote database to log alerts.  The problem is that for various reasons
> (firewall crashing, servers being rebooted, etc...) snort loses connection
> with the SQL db and then the snort process dies.  A possible feature that
> could be useful for others who might be in a similar situation would be some
> way to cache the inserts until such a time as the server comes back online
> and then the data could be sent.

That's going to be done when Spo_unified is used for logging and then
barnyard will be able to do the blocking process (and possibly block
for a long time as you've found out) of inserting.

I would recommend something to check on the snort process more often
than every time you are in town :)
-- 
Chris Green <cmg () uab edu>
"I'm beginning to think that my router may be confused."
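
The spool-and-forward arrangement discussed in this thread (the sensor writes locally, a separate step does the blocking database insert), as an added example that is not from the original posts and is not Snort or barnyard code. Here sqlite3 stands in for the remote SQL database, and the class name, file names and alert fields are assumptions.

```python
import json, os, sqlite3, tempfile

INSERT = "INSERT INTO alerts(ts, sig, src) VALUES (?, ?, ?)"

class SpoolingAlertLogger:
    """Sensor appends alerts to a local spool; flush() forwards them when the DB is up."""
    def __init__(self, spool_path, connect):
        self.spool_path = spool_path
        self.connect = connect            # callable returning a DB-API connection; may raise

    def log(self, alert):
        # Local append only: an unreachable database cannot stall or kill the sensor.
        with open(self.spool_path, "a", encoding="utf-8") as f:
            f.write(json.dumps(alert) + "\n")

    def flush(self):
        """Forward one batch; return rows delivered (0 while the DB is down)."""
        batch = self.spool_path + ".sending"
        if not os.path.exists(batch):     # no unfinished batch left from an earlier failure
            if not os.path.exists(self.spool_path):
                return 0
            os.replace(self.spool_path, batch)   # later alerts start a fresh spool file
        with open(batch, encoding="utf-8") as f:
            rows = [json.loads(line) for line in f if line.strip()]
        try:
            conn = self.connect()
            with conn:                    # one transaction: commit all rows or none
                conn.executemany(INSERT, [(r["ts"], r["sig"], r["src"]) for r in rows])
            conn.close()
        except (OSError, sqlite3.Error):
            return 0                      # batch stays on disk for the next attempt
        os.remove(batch)                  # delete only after the commit succeeded
        return len(rows)

def demo():  # constructed alerts and a simulated outage
    db, state = os.path.join(tempfile.mkdtemp(), "alerts.db"), {"up": False}
    sqlite3.connect(db).execute("CREATE TABLE alerts(ts TEXT, sig TEXT, src TEXT)")
    def connect():
        if not state["up"]:
            raise ConnectionError("database unreachable")
        return sqlite3.connect(db)
    log = SpoolingAlertLogger(db + ".spool", connect)
    log.log({"ts": "2001-07-02T10:48:00", "sig": "constructed alert A", "src": "192.0.2.10"})
    log.log({"ts": "2001-07-02T10:49:00", "sig": "constructed alert B", "src": "192.0.2.11"})
    outage = log.flush()                  # DB down: nothing delivered, nothing lost
    log.log({"ts": "2001-07-02T10:50:00", "sig": "constructed alert C", "src": "192.0.2.12"})
    state["up"] = True
    retry, nxt = log.flush(), log.flush() # held batch first, then the newer spool
    stored = sqlite3.connect(db).execute("SELECT COUNT(*) FROM alerts").fetchone()[0]
    return outage, retry, nxt, stored
```

Delivery here is at-least-once: a crash between the commit and the file removal replays the batch, so a production forwarder would also de-duplicate on insert.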
