Snort mailing list archives

BASE and Snort FQDN Resolution Question


From: IT Security <itsecurity () radford edu>
Date: Tue, 29 Jun 2010 16:21:40 -0400

There is a setting in base_conf.php that determines whether BASE resolves
FQDNs or not (it is off by default in the most recent version of BASE).
We have this setting turned on and it seems to work fine. The question
we are asking is... When does the name resolution actually occur?

Does it occur when BASE is made aware of the incident? This is my guess,
and if that is true, then in our environment it would be possible for
changes to occur between the incident time and the name resolution time
(we store Snort logs for many hours or days before BASE is made aware of
them).

Just wondering if other Snort users who run BASE had run into and
answered this already.

Thanks!
