Snort mailing list archives

Re: [Snort-Users] about capturing packets


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 14 Feb 2012 10:17:29 -0700

+1.  I also have about 7TB and streamDB does take about a second or so to look up stream information.  I also have 
OpenFPC running for full packet captures, and I can't remember the last time I went to those.

I have mine integrated into BASE (see the screenshot), BOTH streamdb and OpenFPC (for multiple locations).  This has 
made Snort event analysis so much easier and less time consuming.



-----Original Message-----
From: Martin Holste [mailto:mcholste () gmail com] 
Sent: Tuesday, February 14, 2012 6:58 AM

<snip>

It does all of this in less than one second even on a 10 TB data store, because the flows themselves are indexed by IP 
and timestamp.

We run full pcap alongside StreamDB and almost never need to go back and wait around to grab pcap.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
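The quoted message attributes StreamDB's sub-second lookups on a multi-terabyte store to the flows being indexed by IP and timestamp. The following is an added illustration of that idea, written for this archive page; it is not StreamDB or OpenFPC code and the `Flow` records, field names, IP addresses and byte offsets are all constructed. Each IP maps to a time-sorted list of flow starts, so answering "which flows involved this IP at the time of this Snort alert" touches only that IP's entries and binary-searches on time, instead of scanning the whole store.

```python
"""Toy flow index keyed by IP and timestamp (constructed example, not StreamDB)."""
from bisect import bisect_left, bisect_right
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    flow_id: int
    src: str
    sport: int
    dst: str
    dport: int
    start: int   # epoch seconds of the first packet
    end: int     # epoch seconds of the last packet
    offset: int  # hypothetical byte offset into a pcap store


# Constructed sample flows; offsets stand in for pointers into full-pcap storage.
FLOWS = [
    Flow(1, "10.0.0.5", 51000, "192.0.2.10", 80, 1329235000, 1329235004, 0),
    Flow(2, "10.0.0.7", 51001, "192.0.2.10", 80, 1329235002, 1329235009, 4096),
    Flow(3, "10.0.0.5", 51002, "198.51.100.20", 443, 1329235100, 1329235130, 8192),
    Flow(4, "203.0.113.9", 40000, "10.0.0.5", 22, 1329235110, 1329235400, 16384),
]


class FlowIndex:
    """Per-IP sorted list of (start, flow_id).

    A query reads only one IP's entries and binary-searches them by time, so
    its cost depends on how busy that IP was, not on the size of the store.
    """

    def __init__(self, flows):
        self.by_id = {f.flow_id: f for f in flows}
        self._idx = defaultdict(list)
        for f in flows:
            # Index both endpoints so an alert on either side resolves.
            self._idx[f.src].append((f.start, f.flow_id))
            self._idx[f.dst].append((f.start, f.flow_id))
        for entries in self._idx.values():
            entries.sort()
        # The longest flow duration bounds how far before `ts` a flow that is
        # still active at `ts` could have started.
        self._max_dur = max((f.end - f.start for f in flows), default=0)

    def lookup(self, ip, ts):
        """Return flows involving `ip` that were active at epoch second `ts`."""
        entries = self._idx.get(ip, [])
        # Only flows starting in [ts - max_dur, ts] can still be active at ts.
        lo = bisect_left(entries, (ts - self._max_dur, -1))
        hi = bisect_right(entries, (ts, float("inf")))
        hits = []
        for _, fid in entries[lo:hi]:
            f = self.by_id[fid]
            if f.start <= ts <= f.end:
                hits.append(f)
        return hits

    def lookup_ids(self, ip, ts):
        """Same as lookup(), but returns just the flow ids (sorted by start)."""
        return [f.flow_id for f in self.lookup(ip, ts)]


if __name__ == "__main__":
    index = FlowIndex(FLOWS)
    # An analyst pivoting from a Snort event on 192.0.2.10 at 1329235003:
    for f in index.lookup("192.0.2.10", 1329235003):
        print(f"flow {f.flow_id}: {f.src}:{f.sport} -> {f.dst}:{f.dport} "
              f"pcap offset {f.offset}")
```

The time-window bound (`ts - max_dur`) is what keeps a lookup from degrading into a scan of every flow an IP ever had; a production store would partition the index by time as well, so that the bound stays tight even when a few very long-lived flows exist.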
