Snort mailing list archives

Snort + Acid + lots of data


From: Galileo <bugtrap () mailandnews com>
Date: Sat, 12 May 2001 21:44:11 +0200

Hello snort-users,

  I want to do a little test. I want to test how fast (and usable)
  ACID combined with Snort logging to a MySQL database can be.
  So far I have used this combination on a home computer and
  everything worked without much trouble.
  Now I'm trying to set up the same combination on a web server.
  This box has a lot of traffic, and a lot of alerts and data are logged, but I want to generate even more.
  So far I have done this:
  all alerts and logging are going into a MySQL database; the plugins were
  set up like this:

output database: log, mysql, user=xxx password=xxx dbname=snort host=localhost detail=full encoding=ascii
same for alert
snort is started with snort -D -d -e -a -I -X -y -c snort.conf
database was created with create_mysql and snortdb-extra.gz from
/contribs/ of snort.

  I didn't know how to put portscan data into the database. All the
  plugins except minifrag and spade (btw, spade can't log to a mysql
  database?) are used. All the rules are used except policy.rules.
  Any suggestions?
  P.S. I want to log everything to a mysql database; I hate tail -f.

