Snort mailing list archives
Re: snort+mysql+acid
From: Dustin Decker <dustind () moon-lite com>
Date: Tue, 4 Feb 2003 20:38:03 -0600 (CST)
On Tue, 4 Feb 2003, Alan McCarty wrote:
> I'd like to know if anyone has come up with a simple solution to centralized instant notification of alerts, other than logwatchers, etc.

[snip]

> I imagine this has been considered, but is there a good reason why it hasn't been implemented in any way? It seems like an elegant add-on to what is so far a very solid IDS solution.

One of the primary reasons might very well be the push vs. pull issue. Unless you have your signatures absolutely perfected, push based alerts such as you are describing here have an active life cycle of a couple of weeks. After that period of time, folks start to ignore them, particularly if a large percentage are turning out to be false positives. I've found that pull based solutions are more fruitful - although I concede that it's good to be notified of the _really serious_ alerts ASAP.

Just my $.02

Dustin

--
Dustin Decker
dustind () moon-lite com
http://www.dustindecker.com
Moon-Lite Computing
913.579.7117

He who knows nothing, knows nothing. But he who knows he knows nothing knows something. And he who knows someone whose friend's wife's brother knows nothing, he knows something. Or something like that.