Re: Alerts not Detected during Import?

[Erek Adams <erek () snort org>]

On Thu, 26 Jun 2003, Dusty Hall wrote:

>   Thanks for the Enlightening Answer, it all makes sense now.  I guess
> the only way to fix this is to change the output on Snort1 to point
> directly to the DB server?

You actually have a couple of options:

*  DB Output directly to the DB server
*  Use Barnyard and unified logging
*  Log all traffic to disk and have snort2 parse that data.

Option 3 isn't realistic unless you've got just a little traffic or a
whole lot of disk space.

I'm guessing that you might want to use Barnyard.  It has the handy
feature of being able to handle network failures to the DB server.  If you
do that, you could still log to pcap and save the pcap files to CD/DVD for
archival purposes.

Hope that helps!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users