Snort mailing list archives

Re: new user, great product, but ...


From: Erek Adams <erek () snort org>
Date: Wed, 23 Apr 2003 09:33:24 -0400 (EDT)

On Tue, 22 Apr 2003, Allen, Garrett wrote:

installed version 1.9.1 (build 231) of the pink beastie.  very interesting
results captured from our network.  pointed to a potential issue with xp
configs.  i'm generating log files, haven't quite got the mastery of mysql
installation yet.  anyways, here's the question:

the very day i started using snort for real was the day one of our wandering
sales minstrels returned with an ms-sql worm.  it momentarily shut down our
net when he fired up his machine, then went for coffee, flooding the network
with traffic as a worm is wont to do.  we were able to quickly detect where
the problem originated from and shut the machine down.  but in the meantime
snort generated enough log files to fill /var.  ouch.  any way to slow down
the volume of log entries?  any other operational tips?

Two:
        *  Save headache and move on to 2.0.  It was released on 4/14.
        *  Consider using 'unified' logging [0].  It can help with the log rotation headache.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.9
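As an added illustration of the unified output Erek points to (this snippet is not part of the original reply, and the file names and the 128 MB cap are assumed values, not settings from the thread), the two snort.conf lines that switch alert and packet logging to the binary unified format with a per-file size limit:

```conf
# Added example, not from the original thread: unified output plugins in snort.conf.
# Alert records in binary unified format; Snort starts a new file once the
# current one reaches the limit (in MB), so no single file can run away and fill /var.
output alert_unified: filename snort.alert, limit 128

# Full packet log in the same unified format, with the same size cap.
output log_unified: filename snort.log, limit 128
```

The unified files are binary, so they need a separate reader (barnyard was the usual choice at the time) to be turned into text or loaded into a database; the benefit for the disk-space problem described above is that Snort itself writes fixed-size files that can be rotated or pruned with ordinary tools instead of growing one log without bound.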

