Snort mailing list archives

Re: fast logging


From: Bamm Visscher <bamm () satx rr com>
Date: Thu, 27 Feb 2003 08:00:15 -0600

Using snort to insert alerts into the DB is going to be slow. You want to utilize the unified output format in snort 
and then use Barnyard to insert the alerts into the DB. Unfortunately there isn't a lot of documentation for Barnyard 
(yet). Try searching the mailing list archives. There are also BY-specific mailing lists too (barnyard-users, 
barnyard-devel).

Bammkkkk

On Thu, Feb 27, 2003 at 10:34:11AM +0000, Always Bishan wrote:
hi
I read in one of the articles on net that snort drops
packets and fails at high speeds about 100mbps speed.

Is it right?

In snort user manual I found that this command:
./snort -b -A fast -c snort.conf
can log even at 80mbps.

When I stop this process, it puts the alert in
/var/log/snort/alert
but, I want it to be put in MySQL snort database,
which I access by acid.

Now what to do to put these fast logged alerts to
snort database.

Regards,
Bishan


