RE: Alert caching for ACID as a cron job

["Reeves, Michael (GEAE, Compaq)" <michael.reeves () ae ge com>]

Yea.. But that wouldn't be as cool...  :)

Mike


-----Original Message-----
From: Steve Halligan [mailto:agent33 () geeksquad com]
Sent: Monday, September 17, 2001 1:59 PM
To: 'Reeves, Michael (GEAE, Compaq)';
'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Alert caching for ACID as a cron job



> I have a sensor that sits on a 100mbit pipe and I get TONS of 
> events. The
> problem I am running into is that each day when I get in I 
> have to wait for
> it to cache a few hunderd thousand events. Looking into the 
> alert_cache.inc
> I see the code but I don't have an environment to test it. (I 
> had to fight
> for the linux boxes I have now) Does anyone have a shell 
> script that does
> this already that you run as a cron job? I want to run one 
> every 15 minutes
> or so.. Any info would be great..

You could just leave the Last XX alerts page open on a machine.  It
refreshes, and therefore populates the cache, every x seconds.

-Steve 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users