Snort mailing list archives
Data Collection Help
From: Lance Spitzner <lance () honeynet org>
Date: Wed, 21 Nov 2001 08:50:27 -0600 (CST)
The Honeynet Project is beginning to collect data from various distributed Honeynets. One of our primary weapons for data capture is Snort. Question, what are some of the best practices for data collection for distributed Snort sensors? We are currently doing the following, any additional ideas GREATLY appreciated.

- MySQL backend for Snort alerts, ACID interface
- Daily copy of Snort binary log files

If you have any more recommendations on what Snort data should be collected, in what format, or how it can be organized, that would be greatly appreciated. For example, are there any options besides ACID?

Instead of flooding the maillist, it may be better if you send your suggestions to me directly. We (the Project) will then play around and see what works best. Once we have established our own best practices, we will be more than happy to release a paper on it.

Thanks!

--
Lance Spitzner
http://project.honeynet.org
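One check a collector of daily Snort binary log copies would want, added here as an example and not code from the post or the Honeynet Project: Snort's binary (-b) logs are tcpdump/pcap files, so each copy can be validated as a well-formed pcap, summarised (packet count, time span) and fingerprinted with SHA-256 before it is archived or loaded. The two-packet sample log is constructed inline for demonstration.

```python
"""Validate and summarise a Snort binary (tcpdump/pcap) log before archiving it.
Added example, not part of the original post or the Honeynet Project's tooling."""
import hashlib
import struct

PCAP_MAGIC = 0xA1B2C3D4  # pcap magic number (microsecond timestamps)


def parse_pcap(data: bytes) -> dict:
    """Return a summary of a pcap byte string; raise ValueError if it is malformed."""
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    # The magic number reveals the byte order the writing host used.
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("bad pcap magic: %s" % data[:4].hex())
    _, major, minor, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    count, offset, first_ts, last_ts = 0, 24, None, None
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        sec, usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("record %d: implausible captured length %d" % (count, incl_len))
        if offset + 16 + incl_len > len(data):
            raise ValueError("record %d: truncated packet data" % count)
        ts = sec + usec / 1e6
        first_ts = ts if first_ts is None else first_ts
        last_ts = ts
        count += 1
        offset += 16 + incl_len
    return {"version": (major, minor), "linktype": linktype, "snaplen": snaplen,
            "packets": count, "first_ts": first_ts, "last_ts": last_ts,
            "sha256": hashlib.sha256(data).hexdigest()}


def build_sample_log() -> bytes:
    """Constructed two-packet little-endian pcap (DLT_EN10MB) standing in for a Snort -b file."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 1514, 1)
    body = b""
    for sec, payload in ((1006354227, b"\x00" * 60), (1006354230, b"\xff" * 74)):
        body += struct.pack("<IIII", sec, 0, len(payload), len(payload)) + payload
    return hdr + body


if __name__ == "__main__":
    print(parse_pcap(build_sample_log()))
```

Run it against a real copy with `parse_pcap(open(path, "rb").read())` and store the returned digest alongside the file so the sensor-side and collector-side copies can be compared.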