Snort mailing list archives
Re: Pushing raw tcpdump data into database is extremely slow
From: Thomas Novin <thnov () thalamus se>
Date: Wed, 21 Nov 2001 17:29:16 +0100
Yes, that was the idea. But I'm looking into other solutions now. Heard Sawmill could keep up with GB throughput...
At 17:13 2001-11-21 +0100, you wrote:
Am I wrong, or are you trying to log ALL the traffic on your network into the database??? (e.g. log tcp any any -> any any (msg:"tcp";)) Snort wasn't created for this, perhaps you should use something else or stick with tcpdump. (maybe you need something like they use for Echelon :-) Maybe I don't understand you, or you don't understand Snort. That's also possible. ;-)