Snort mailing list archives
Announce: FLoP-1.2.0
From: Dirk Geschke <dirk () geschke-online de>
Date: Thu, 1 Apr 2004 00:05:12 +0200 (CEST)
Hi all,

maybe someone is interested in the new release of FLoP,
the Fast Logging Project for snort.

With FLoP, alerts generated via snort are written to a
unix domain socket; there a threaded process reads these
alerts, buffers them in memory if necessary and forwards
them to a central server.

On the central server another threaded process gathers
these alerts, buffers them in memory if necessary and
stores them via a unix domain socket to either a MySQL
or PostgreSQL database.

The major changes between version 1.0 and 1.2 are:

+ A handshake mechanism is added between the remote
  sensors and the central server.
+ If the database is not available, any connection
  from a remote sensor is temporarily refused.
+ If the database dies during inserts, all connections
  to remote sensors are canceled and the buffered alerts
  are written to a sensor-based swap file.
+ If the database is available again and a remote
  sensor reconnects, we first check for the presence
  of a swap file for this sensor. If such a file
  is there, we first read in these alerts from the
  file and then accept connections from the sensor.
  This way the possible loss of information should
  be minimized.
+ The database scheme as used by ACID can be extended
  by a few columns. In these columns additional packet
  information can be stored. With these additional
  data and the program "getpacket" the full pcap file
  can be reconstructed, which can then be analyzed
  with tcpdump or ethereal.

All this and additional information can be found at:
http://www.geschke-online.de/FLoP

Best regards

Dirk Geschke
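
The database-outage handling listed in the announcement above, modelled as an added sketch that is not FLoP's own code and not part of the original post. The Collector class, its method names, the one-alert-per-line swap format and the in-memory list standing in for the database are all assumptions made for illustration.

```python
import os, tempfile

class Collector:  # hypothetical model of the central server, not FLoP code
    def __init__(self, spool_dir):
        self.spool_dir = spool_dir
        self.db_up = True
        self.db = []            # stand-in for the MySQL/PostgreSQL table
        self.pending = {}       # sensor -> alerts buffered in memory
        self.connected = set()

    def _swap(self, sensor):
        return os.path.join(self.spool_dir, sensor + ".swap")
    def connect(self, sensor):
        if not self.db_up:
            return False                       # refuse while the DB is down
        path = self._swap(sensor)
        if os.path.exists(path):               # replay the swap file first
            with open(path) as fh:
                self.db.extend((sensor, ln.rstrip("\n")) for ln in fh)
            os.remove(path)
        self.connected.add(sensor)             # only then accept the sensor
        return True
    def receive(self, sensor, alert):
        if sensor not in self.connected:
            raise ConnectionError(sensor + " is not connected")
        self.pending.setdefault(sensor, []).append(alert)

    def flush(self):
        for sensor, alerts in self.pending.items():
            if self.db_up:
                self.db.extend((sensor, a) for a in alerts)
            else:                              # DB died: spool per sensor
                with open(self._swap(sensor), "a") as fh:
                    fh.writelines(a + "\n" for a in alerts)
        if not self.db_up:
            self.connected.clear()             # cancel all sensor connections
        self.pending.clear()

def demo():  # constructed scenario: the DB fails while "alert 2" is buffered
    with tempfile.TemporaryDirectory() as d:
        c = Collector(d)
        c.connect("sensor-a")
        c.receive("sensor-a", "alert 1"); c.flush()
        c.receive("sensor-a", "alert 2")
        c.db_up = False; c.flush()             # spooled, connection dropped
        refused = not c.connect("sensor-a")    # DB still down: refused
        c.db_up = True; c.connect("sensor-a")  # swap replayed before accept
        c.receive("sensor-a", "alert 3"); c.flush()
        return refused, [a for _, a in c.db]
```

Replaying the swap file before accepting the reconnect is what keeps the stored alerts in arrival order. A real collector would derive the swap file name from the sensor identity established in the handshake, not from a string the peer supplies.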
