Snort mailing list archives

RE: Using Snort as IDS + packet logger


From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Wed, 15 Oct 2003 18:53:03 -0700 (PDT)

Damiano,

I suggest running a completely separate process to log
packets.  On Windows 2000 use Windump
(http://windump.polito.it/).  Better yet, if you're
trying to get "statistics," log traffic on a
completely different box, preferably running a BSD or
Linux distro.  This sort of diversity of collection
can save your bacon if an adversary takes down your
Snort implementation.

Sincerely,

Richard Bejtlich
http://taosecurity.com




