Snort mailing list archives
Snort Sniffing vs. Snort Database
From: "Jan van den Berg" <jan () e-commercepark com>
Date: Fri, 7 Mar 2003 16:12:46 -0400
Hi there,

I've read a few docs on the best installation of Snort for a network, and it struck me that the best way of installing is by making a difference in functions. Most docs have machines set up for the actual sniffing and another machine for the logging to a MySQL database. My question is: why make that difference? Is this better for the performance of the sniffing functions, or is this a safer way of keeping your data?

Another question that comes to mind when setting up different machines is the actual logfiles. Say there are two sniffing machines: one before the firewall and one after. The one before is going to get a lot more alerts and bigger log files. So do you set up different databases for both sniffing machines, or put everything in one database? How can you keep track of the different alerts?

Right now I am thinking that, if you have limited hardware, the best place for the IDS would be after the firewall, and have the database on the same machine.

Opinions and thoughts please?

Jan van den Berg
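Added example, not from Jan's post or the rest of this thread: the question of one database versus two for the "before the firewall" and "after the firewall" sensors is decided by Snort's database schema rather than by the sniffer. The database output plugin registers each Snort instance in the sensor table (hostname taken from the sensor_name= option on the output line, plus the sniffing interface) and numbers events per sensor, so the event key is (sid, cid) and both sensors can share one database. The code below recreates a simplified subset of Snort's MySQL schema (sensor, event, signature; column names as in Snort's create_mysql script) in SQLite so it runs offline, mimics what the plugin does when it writes an alert, and runs the per-sensor report queries that keep the two sets of alerts apart. The sensor names, interfaces, host name and credentials in the comments, and all the alert rows, are constructed for illustration.

```python
"""Two Snort sensors, one database: how the sensor table tells them apart.

The snort.conf output line on each sensor would look like this (host name,
credentials and sensor names are assumptions made up for this example):

    # on the sensor outside the firewall
    output database: alert, mysql, user=snort password=secret dbname=snort host=dbhost sensor_name=outside-fw
    # on the sensor inside the firewall
    output database: alert, mysql, user=snort password=secret dbname=snort host=dbhost sensor_name=inside-fw
"""
import sqlite3

# Simplified subset of Snort's create_mysql schema, in SQLite syntax.
SCHEMA = """
CREATE TABLE sensor (
    sid INTEGER PRIMARY KEY AUTOINCREMENT,
    hostname TEXT, interface TEXT, filter TEXT,
    detail INTEGER, encoding INTEGER,
    last_cid INTEGER NOT NULL);
CREATE TABLE signature (
    sig_id INTEGER PRIMARY KEY AUTOINCREMENT,
    sig_name TEXT NOT NULL, sig_class_id INTEGER NOT NULL,
    sig_priority INTEGER, sig_rev INTEGER, sig_sid INTEGER);
CREATE TABLE event (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL,
    signature INTEGER NOT NULL, timestamp TEXT NOT NULL,
    PRIMARY KEY (sid, cid));
"""


def record_alert(con, sid, sig_id, timestamp):
    """Mimic the database output plugin: the event counter (cid) is kept per
    sensor in sensor.last_cid, so (sid, cid) is the unique event key and two
    sensors can both have a cid of 1 without colliding."""
    cur = con.execute("UPDATE sensor SET last_cid = last_cid + 1 WHERE sid = ?", (sid,))
    if cur.rowcount != 1:
        raise ValueError("unknown sensor id %r" % sid)
    cid = con.execute("SELECT last_cid FROM sensor WHERE sid = ?", (sid,)).fetchone()[0]
    con.execute("INSERT INTO event (sid, cid, signature, timestamp) VALUES (?, ?, ?, ?)",
                (sid, cid, sig_id, timestamp))
    return cid


def build_sample_db():
    """In-memory database with two registered sensors and constructed alerts."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    # One sensor row per Snort instance; hostname comes from sensor_name=.
    con.executemany(
        "INSERT INTO sensor (hostname, interface, filter, detail, encoding, last_cid) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        [("outside-fw", "eth1", None, 1, 0, 0),
         ("inside-fw", "eth1", None, 1, 0, 0)])
    con.executemany(
        "INSERT INTO signature (sig_name, sig_class_id, sig_priority, sig_rev, sig_sid) "
        "VALUES (?, ?, ?, ?, ?)",
        [("SCAN nmap TCP", 1, 3, 1, 628),
         ("WEB-IIS cmd.exe access", 2, 1, 5, 1002)])
    # Constructed alerts: the outside sensor sees the scan noise the firewall
    # drops, the inside sensor only sees what got through.
    outside = [(1, "2003-03-07 10:00:01"), (1, "2003-03-07 10:00:02"),
               (1, "2003-03-07 10:00:03"), (2, "2003-03-07 10:05:00"),
               (1, "2003-03-07 10:07:00")]
    inside = [(2, "2003-03-07 10:05:00"), (1, "2003-03-07 11:00:00")]
    for sig, ts in outside:
        record_alert(con, 1, sig, ts)
    for sig, ts in inside:
        record_alert(con, 2, sig, ts)
    con.commit()
    return con


def alerts_per_sensor(con):
    """Alert volume per sensor: (hostname, interface, count) in sid order."""
    return con.execute(
        "SELECT s.hostname, s.interface, COUNT(e.cid) "
        "FROM sensor s LEFT JOIN event e ON e.sid = s.sid "
        "GROUP BY s.sid ORDER BY s.sid").fetchall()


def top_signatures(con, hostname, limit=5):
    """Most frequent signatures for one sensor: (sig_name, sig_sid, hits)."""
    return con.execute(
        "SELECT g.sig_name, g.sig_sid, COUNT(*) AS hits "
        "FROM event e JOIN sensor s ON s.sid = e.sid "
        "JOIN signature g ON g.sig_id = e.signature "
        "WHERE s.hostname = ? "
        "GROUP BY g.sig_id ORDER BY hits DESC, g.sig_id LIMIT ?",
        (hostname, limit)).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for row in alerts_per_sensor(db):
        print("%-12s %-5s %d alerts" % row)
    for name in ("outside-fw", "inside-fw"):
        print(name, top_signatures(db, name))
```

Against a real Snort database the same two queries run unchanged on MySQL, with the sensor table populated by the sensors themselves the first time each one starts; the only per-sensor configuration is the sensor_name= value on the output line.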
Current thread:
- Snort Sniffing vs. Snort Database Jan van den Berg (Mar 07)
- Re: Snort Sniffing vs. Snort Database Erek Adams (Mar 07)
- RE: Snort Sniffing vs. Snort Database Jan van den Berg (Mar 08)
- RE: Snort Sniffing vs. Snort Database Erek Adams (Mar 08)
- RE: Snort Sniffing vs. Snort Database Jan van den Berg (Mar 08)
- Re: Snort Sniffing vs. Snort Database Erek Adams (Mar 07)