Snort mailing list archives

Re: Log everything for billing purposes


From: Matt Kettler <mkettler () EVI-INC COM>
Date: Thu, 03 Apr 2003 21:16:44 -0500

Since you really want bandwidth accounting, not packet logging, I'd suggest using tools designed for accounting, not IDS's.

Using snort this way won't make you happy, as it tends to lose packets when it tries to log everything. Even tcpdump would be orders of magnitude better as it handles high load better (it doesn't do text searches). But let's face it.. that's _really_ silly.

Most other modern kernel-level packet filter tools have very good accounting capabilities and even traffic shaping capabilities. Look at Linux's IPTables and the BSD's IPF.. they should be able to do what you want, and aren't going to have to log every packet that goes by to do it.

At 05:09 PM 4/3/2003 -0800, Ross Davis - DataAnywhere wrote:
If snort is not a good way to log the traffic, does anyone know of a
good (and inexpensive) traffic accounting program?
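
Counter-based accounting of the kind the reply points to, as an added example that is not part of the original message: iptables rules with no target only count packets and bytes, and a small parser totals those counters per address. The chain name ACCT, the function names, the addresses and the sample counter listing are constructed for illustration.

```shell
#!/bin/sh
# Assumption: customer traffic is routed through this host (FORWARD chain).

# Print (not execute) the commands that build a counting-only chain.
# A rule without -j has no target: it updates its counters and the
# packet falls through, so nothing is logged per packet.
acct_rules() {
    echo "iptables -N ACCT"
    echo "iptables -I FORWARD -j ACCT"
    for ip in "$@"; do
        echo "iptables -A ACCT -s $ip"   # bytes sent by the customer
        echo "iptables -A ACCT -d $ip"   # bytes received by the customer
    done
}

# Read `iptables -L ACCT -v -n -x` output on stdin and print one line
# per address: "<ip> <bytes_out> <bytes_in>".
acct_report() {
    awk '
        # Rule rows start with a numeric packet count. The target column
        # is empty for counting rules, so address fields are taken from
        # the end of the row instead of by fixed position.
        $1 ~ /^[0-9]+$/ && NF >= 8 {
            src = $(NF-1); dst = $NF
            if (src != "0.0.0.0/0") { out[src] += $2; seen[src] = 1 }
            if (dst != "0.0.0.0/0") { inb[dst] += $2; seen[dst] = 1 }
        }
        END { for (ip in seen) printf "%s %.0f %.0f\n", ip, out[ip], inb[ip] }
    ' | sort
}

# Constructed sample of the counter listing (not captured from a real host).
SAMPLE='Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1200  1500000            all  --  *      *       192.0.2.10           0.0.0.0/0
     900   450000            all  --  *      *       0.0.0.0/0            192.0.2.10
      10     4000            all  --  *      *       192.0.2.20           0.0.0.0/0
       0        0            all  --  *      *       0.0.0.0/0            192.0.2.20'

acct_rules 192.0.2.10 192.0.2.20
printf '%s\n' "$SAMPLE" | acct_report
```

On a live host the report would read from `iptables -L ACCT -v -n -x` instead of the sample, and billing would work from the difference between two readings.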


