Snort mailing list archives

Re: Anyone using "Enterprise implementation"?


From: Herve Debar <herve.debar () francetelecom com>
Date: Wed, 27 Aug 2003 15:39:50 +0200

Emre Bastuz wrote:
Any solution or suggestion? Even links, FAQs and docs I might have missed are
very welcome :)

We are working on an ACID-like PHP interface, coupled to a PostgreSQL database. This should give us the capability to handle multi-million alert databases. This works with both MySQL and PostgreSQL through the ADOdb abstraction layer.

In addition, the tool will come with a set of correlation functions that will automatically archive alerts in a second database once the correlation process feels that they are no longer relevant. These scripts use PostgreSQL-specific time functions for the moment, so there is going to be a portability issue here.

BIG CAVEAT: we do not use the standard snortdb schema, but have our own log importer from flat/syslog files. This importer also handles other log formats.

More info will come as soon as the code is available.

Hervé
--
Hervé Debar             <mailto:herve.debar () francetelecom com>
Tel: +33 (0)2 31 75 92 61            GSM: +33 (0)6 74 09 09 66
France Télécom R&D                   Fax: +33 (0)2 31 75 93 13
42 rue des Coutures  (--)  BP 6243  (--)  F-14066 Caen Cedex 4
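As an added illustration of the archiving step described above (example code, not the tool Hervé announces): a retention sweep that copies stale alerts into an archive table and then deletes them from the live table, using the PostgreSQL interval arithmetic that causes the portability issue he mentions. The table and column names, the `archive` schema standing in for the second database, and the 30-day window are assumptions.

```sql
-- Added example, not part of the original message or the announced tool.
-- Assumed schema: live table alerts(id, signature, ts, src_ip, dst_ip)
-- and an identical archive.alerts table standing in for a second database.
BEGIN;

-- Copy alerts older than the retention window into the archive.
-- "now() - interval '30 days'" is PostgreSQL syntax; MySQL would need
-- "NOW() - INTERVAL 30 DAY", which is the portability problem in practice.
INSERT INTO archive.alerts (id, signature, ts, src_ip, dst_ip)
SELECT id, signature, ts, src_ip, dst_ip
  FROM alerts
 WHERE ts < now() - interval '30 days';

-- Delete only after the copy succeeded. In PostgreSQL now() is fixed at
-- transaction start, so both statements use exactly the same cutoff and
-- no alert can slip between the INSERT and the DELETE.
DELETE FROM alerts
 WHERE ts < now() - interval '30 days';

COMMIT;
```

Wrapping both statements in one transaction is what makes the sweep safe: a failure in either statement rolls back the whole move, so no alert is lost from the live table without a copy in the archive.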


