RE: Snort & Oracle

["Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>]

We use Oracle 9i (9.0.1) on solaris 8...  We've written a management tool of
our own that allows us to do configuration of the sensors as well.  My major
suggestion is that if you plan on doing a fair amount of reporting or
queries on the database, that you index the hell out of it.  Specifically,
any column in a table that links (joins) to another table, could be sorted
or searched upon, should be indexed.   I'm not sure how much you know of
oracle, but depending on how much data you plan on having, and how often
you'll clean it up, you may want to consider using separate disk on which to
put your tablespace.  And if it's even heavier use, separating logs
(rollback and the like) onto even another disk.

Then again, we're paranoid...

-CJK

-----Original Message-----
From: Dan McIntosh [mailto:d.mcintosh () computer org]
Sent: Thursday, February 28, 2002 6:27 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Snort & Oracle


I plan to configure snort to log to an Oracle 8.17 (Linux) database.  I
would be interested if anyone else is doing this and if they have any
suggestions, pointers or can point me to any FAQs, etc.

Also, are there any tools (like Acid) that work with snort data in
Oracle?



 ..Thanks, Dan


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users