Snort mailing list archives

Re: fast logging

From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 27 Feb 2003 11:22:06 -0500

It depends on a huge number of factors, including what hardware/OS you're
on, how fast your harddrive is, how much RAM you have, what rules you're
running, etc.

Sounds like you should be thinking about using Barnyard to write to MySQL
for ACID...

     -Marty


On 2/27/03 5:34 AM, "Always Bishan" <bishan4u () yahoo co uk> wrote:

hi
I read in one of the articles on net that snort drops
packets and fails at high speeds about 100mbps speed.

Is it right?

In snort user manual I found that this command:
./snort -b -A fast -c snort.conf
can log even at 80mbps.

When i stop this process, it puts the alert in
/var/log/snort/alert
but, I want it to be put in Mysql snort database,
which i accessby acid.

Now what to do to put these fast logged alerts to
snort database.

Regards,
Bishan

=====
Celebrating Happinessemail: bishan@sumerusolutions.comcompany:
www.sumerusolutions.com

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

fast logging Always Bishan (Feb 27)
- Re: fast logging Bamm Visscher (Feb 27)
- Re: fast logging Martin Roesch (Feb 27)
  - Re: fast logging Always Bishan (Feb 27)