Snort mailing list archives

Help needed: Performance Check & Traffic Capture


From: Marc Dreher <MarcDreher () gmx net>
Date: Tue, 1 Jan 2002 15:47:49 +0100 (MET)

Hi all,

First, happy new year to everybody :-)

Now my questions. I have played with Snort a bit and like it very much, and
currently there are two issues I could not get an answer for so far.

1) Is it possible to check Snort's performance (if packets are dropped, how
many) while running it in IDS mode? Running in packet logger mode I get this
information, but I think performance is quite a bit lower when running in IDS
mode and logging to a database.

2) Also about IDS mode. Often I think it would be very useful if I had the
traffic preceding and following an alert, and not only the packet which
caused the alert. Fast logging format would be enough. Is there a recommended way
or possibility to achieve this in IDS mode, or do I have to run a second
instance of Snort for this (which wouldn't do performance too good, I guess)?

Sorry if these questions have been posted before but I didn't find an easy
way to search the archive at geocrawler (is there one?)

Thanks for any help

Cheers

Marc
