Snort mailing list archives

Data archiving


From: Sammy <sammy7887 () yahoo com>
Date: Wed, 19 Mar 2003 12:53:17 -0800 (PST)


I'd like to get an idea of what people are doing regarding archiving their snort data.  How long do you keep data 
online and then what are you doing with it?  Are people archiving to tape w/ encryption?  Also, if anyone is using 
Snort for capturing all packet traffic, how do you deal with the tremendous amount of traffic generated?  I'd like to 
set up my system so that I can go back as far as possible to look through both alerts as well as all packet data but 
I'm finding it really hard to deal with the large amounts of data (one of my switches has about 20GB/hour running 
through it).  In the event of a break-in, since I wouldn't know how long the system has been compromised, I need to go 
back as far as possible.  Any advice/assistance is greatly appreciated!  Thanks.

Sammy


