Snort mailing list archives
Data archiving
From: Sammy <sammy7887 () yahoo com>
Date: Wed, 19 Mar 2003 12:53:17 -0800 (PST)
I'd like to get an idea of what people are doing regarding archiving their snort data. How long do you keep data online and then what are you doing with it? Are people archiving to tape w/ encryption? Also, if anyone is using Snort for capturing all packet traffic, how do you deal with the tremendous amount of traffic generated? I'd like to set up my system so that I can go back as far as possible to look through both alerts as well as all packet data but I'm finding it really hard to deal with the large amounts of data (one of my switches has about 20GB/hour running through it). In the event of a break-in, since I wouldn't know how long the system has been compromised, I need to go back as far as possible. Any advise/assistance is greatly appreciated! Thanks. Sammy --------------------------------- Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
Current thread:
- Data archiving Sammy (Mar 19)
- Re: Data archiving Erek Adams (Mar 19)
- <Possible follow-ups>
- RE: Data archiving Bob McDowell (Mar 19)
- RE: Data archiving Gordon Cunningham (Mar 19)
- Re: Data archiving Erick Mechler (Mar 21)