Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Problems about snort in enterprise environment

From: Brian <bmc () snort org>
Date: Thu, 7 Nov 2002 17:50:33 -0500
On Thu, Nov 07, 2002 at 02:41:59PM -0800, Erek Adams wrote:

My suggestion:  Don't waste time building a box with 'everything'.  Just
install snort on your sensors and nothing else.  Have all of your sensors
use Barnyard and log to a remote/central DB server and on the DB server
install ACID.  The 'leaner and meaner' you make your sensors the faster
they will be able to run and work.


And actually, that works for everything involved.

A DB box will run faster if it doesn't have to sniff packets, just like
a sniffing box will run faster if it doesn't have to do DB stuff.

-brian


-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: