RE: [output] Log application data into the database

["Emmanuel Dardaine" <emmanuel.dardaine () smart-telecom ch>]

Hi Brian,

Well, of course, we're already logging some data in the servers. But, the
fact is that we have to log multiple type of trafic at separate places (for
example, POP3/IMAP + Radius at one place, Radius + SMTP at another place).
Moreover, the softwares used may differ from place to place, thus forcing us
to develop different tools or add-on for each server (Cistron, Netscape,
Courrier, etc...).

To sum up, we're facing 2 issues:
- the environment is widely distributed
- the environment is widely heterogeneous

As a conclusion, we decided to log information from the wire. As this log is
based on protocols (and not on softwares), we're independent from the softs
we use. Moreover, as Snort can be implemented on a distributed model, this
is definitely the solution.

Regards,
Emmanuel

> -----Message d'origine-----
> De : snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net]De la part de Brian
> Envoye : lundi, 31. mars 2003 22:31
> A : Emmanuel Dardaine
> Cc : snort-users () lists sourceforge net; Nicolas STRINA
> Objet : Re: [Snort-users] [output] Log application data into the
> database
>
>
> On Mon, Mar 31, 2003 at 01:47:45PM +0200, Emmanuel Dardaine wrote:
> > As an ISP, we'll be soon forced to log all Radius, SMTP, POP3,
> IMAP and DHCP
> > headers on our network for 6 months.
>
> Uh, why don't you configure your servers to log this information
> instead of
> using an IDS?   I would think it would be MUCH easier to log the
> information
> you need on the server rather than sniffing on a network.
>
> -brian
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ValueWeb:
> Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
> No other company gives more support or power for your dedicated server
> http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users