Snort mailing list archives

Re: Antwort: Re: Don't create directories on special events ?


From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 8 Aug 2001 14:19:22 -0700 (PDT)

On Wed, 8 Aug 2001 ks () schuricht de wrote:

But the 'ASCII'-Dump is so easy to read :) Hmm... is this really a
problem? I read the manual to understand what you write. Thanks!

Here's what I've done on larger nets:  One snorter logging binary.  Then after
an interval, an analysis station goes out, grabs the binary log and restarts
snort.  Then run a snort on the analysis box to break it down into the dirs by
ip.

Quite honestly, the view from ACID is one of the best that I've seen!  Great
job on that Roman!  Have a look at http://acid.sourceforge.net/ if you haven't
already.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
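
The pull-and-replay cycle described in the message above, sketched as a script run from the analysis station. This is an added example, not part of the original post: the host name, paths, restart command and the use of ssh/scp for transport are all assumptions; only the Snort `-r` (read capture) and `-l` (log directory) options are relied on.

```shell
#!/bin/sh
# Added example. Hosts, paths and the restart command are assumptions.
SENSOR="${SENSOR:-sensor1.example.net}"                 # hypothetical sensor host
REMOTE_LOG="${REMOTE_LOG:-/var/log/snort/snort.log}"    # assumed path of the sensor's binary log
RESTART_CMD="${RESTART_CMD:-/etc/init.d/snort restart}" # assumed restart command on the sensor
SPOOL="${SPOOL:-/var/spool/snort-pull}"                 # pulled captures land here
OUT="${OUT:-/var/log/snort-by-ip}"                      # per-IP directories end up here
SNORT="${SNORT:-snort}"
# Newer Snort 2.x releases default to pcap output and need "-K ascii" here.
SNORT_ARGS="${SNORT_ARGS:-}"

# Step 1: on the sensor, move the live binary log aside, then restart Snort so
# it opens a fresh file. Prints the rotated remote path on success.
rotate_remote() {
    ssh "$SENSOR" "mv '$REMOTE_LOG' '$REMOTE_LOG.$1' && $RESTART_CMD" >&2 || return 1
    printf '%s\n' "$REMOTE_LOG.$1"
}

# Step 2: copy the rotated log to the analysis box. Prints the local path.
fetch_log() {
    local_copy="$SPOOL/$(basename "$1")"
    mkdir -p "$SPOOL" && scp -q "$SENSOR:$1" "$local_copy" || return 1
    printf '%s\n' "$local_copy"
}

# Step 3: replay the capture so Snort breaks it down into directories by IP.
replay_log() {
    [ -s "$1" ] || { echo "empty or missing capture: $1" >&2; return 1; }
    mkdir -p "$OUT" && $SNORT -r "$1" -l "$OUT" $SNORT_ARGS
}

pull_and_replay() {
    stamp=$(date +%Y%m%d%H%M%S)
    remote=$(rotate_remote "$stamp") && pcap=$(fetch_log "$remote") && replay_log "$pcap"
}

if [ "${1:-}" = "run" ]; then pull_and_replay; fi
```

Packets that arrive while Snort restarts on the sensor are not captured, so keep the restart step short and schedule the interval accordingly.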

