Snort mailing list archives

RE: Snort from a live Distro, rolling logs? No internal storage...


From: "Hazel, Scott A." <Scott.Hazel () unisys com>
Date: Fri, 22 Oct 2004 11:12:33 -0400

Hey Jason. 

Check out knoppix-std.  It has what you're asking for and more. I've
used this in the past and you can turn on the entire IDS package (Snort,
ACID, MySQL) with a single command.  Also helpful to use a USB key or
something similar to store config files, scripts, etc.  One caveat I've
noticed is a constant need to read from the CD for performing system
commands, etc. Performance can lag due to this. I'm sure someone else on
this list is more Unix savvy than me and can offer a way around this.
Seems like if you have enough RAM you can get around this problem to
some degree.  Anyway, hope this helps. 

http://www.knoppix-std.org/

Scott H.  

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason
Humes
Sent: Friday, October 22, 2004 8:16 AM
To: 'snort-users () lists sourceforge net'; 'Ring-of-fire () yahoogroups com'
Subject: [Snort-users] Snort from a live Distro, rolling logs? No
internal storage...

Hi
So I've been given a pretty beefy server (with no internal storage) and
was wondering if there is a live Linux distro with Snort and ACID and
MySQL all ready to go (I know that PHLAK has Snort, but I'm not sure
about the ACID MySQL part).  Also, is there any way to have Snort use
some sort of rolling log file (we've got 512MB of RAM and would like to
use that for logging).
Thanks for any help or ideas.

--

Jason 


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give
us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find
out more http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

