Snort mailing list archives
AW: what would be the appropriate thing to do?
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Fri, 5 Apr 2002 07:10:58 +0200
I'm in the same situation right now. I thought of using the following scenario:

- let snort use the unified output plugin
- use barnyard to send the data to a central mysql database
- use stunnel to encrypt the barnyard-db connection

With this configuration there shouldn't be a performance issue with snort because snort only logs locally. What could be a performance issue is when there are a lot of alerts to be sent to the db and the wan line is already busy, but that's another question.

I will test that hopefully soon in my lab. Any comments?

BTW, the barnyard homepage is http://sourceforge.net/projects/barnyard

HTH,
Sandro
Ok. Assuming I have set up many sensors on the main ofc and few more sensors on another branch. These sensors log to mysql db. On the branch site, it does not log to mysql located in the main ofc. I recall a post that someone mentioned about rsync but I couldn't remember how it was used.

1. Would it be a good idea to configure branch site to log to the main site? I'm seeing performance degradation here as it will use the wan connection.
2. In just one site, say main ofc, is it a good idea to configure the sensors to log to a main mysql server?
3. What would be the best design of snort if I will install if the network is Enterprise.

Thanks.
Neil

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
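A sketch of the stunnel leg of the setup described in the reply above, added here as an example; it is not configuration from the thread or from the barnyard project. It assumes stunnel 4 or later (configuration-file syntax) and a private CA; host names, ports and file paths are placeholders.

```ini
; ---- Sensor side (file path is an assumption): /etc/stunnel/barnyard.conf ----
; barnyard's MySQL output is pointed at 127.0.0.1:3306 on the sensor;
; stunnel carries that connection across the WAN inside TLS.
[mysql]
client  = yes
accept  = 127.0.0.1:3306
connect = db.example.internal:3307
; Authenticate the database end before sending alerts or DB credentials.
; Without verify/CAfile the tunnel is encrypted but accepts any certificate.
CAfile  = /etc/stunnel/ids-ca.pem
verify  = 2
; Client certificate identifying this sensor to the database end.
cert    = /etc/stunnel/sensor.pem
key     = /etc/stunnel/sensor.key

; ---- Database side (file path is an assumption): /etc/stunnel/mysql.conf ----
; MySQL itself listens only on 127.0.0.1:3306; the only port exposed to
; the sensors is the TLS listener below.
[mysql]
accept  = 3307
connect = 127.0.0.1:3306
cert    = /etc/stunnel/db-server.pem
key     = /etc/stunnel/db-server.key
; Accept only sensors presenting a certificate signed by the private CA.
CAfile  = /etc/stunnel/ids-ca.pem
verify  = 2
```

With certificate verification on both ends, a sensor cannot be redirected to an impostor database, and hosts without a sensor certificate cannot reach the MySQL port through the tunnel.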