Snort mailing list archives
Re: Snort to Oracle
From: Nicholas Bachmann <nbachmann () mail davison k12 mi us>
Date: Fri, 03 Jan 2003 13:07:53 -0500
Steven Rudolph wrote:

> Does anyone have any tips/tricks on getting snort to send logs to oracle?

http://www.snort.org/docs/snortdb/snortdb.html It's a great guide.

> I am getting well over 15K detected attempts a day and my database
> grows too quickly for MySql to handle (my current setup)

Have you tuned your rules? Are you getting 15,000 alerts or 15,000 alerts you want to look at? Using something like Oinkmaster to update and disable rules can help keep you current and more false-alert free.

> I have been using the Acid front end to help analyze

Have you set up an archive database? This can help keep load on your production database low as well.

--
Nick

Nicholas Bachmann, SSCP
Tech Department
Davison Community Schools
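The rule-tuning question in the reply above, as an added example (not from the thread, and not Snort or Oinkmaster code): a Python script that ranks alerts by rule from a `fast`-format alert file and prints the dominant text rules as commented-out `disablesid` lines for an analyst to review before anything goes into `oinkmaster.conf`. The sample alerts, the 25% threshold and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in Snort's "fast" alert format (not data from the thread).
SAMPLE_ALERTS = "\n".join(
    ["01/03-09:12:01.100001  [**] [1:469:1] ICMP PING NMAP [**] "
     "[Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5"] * 4
    + ["01/03-09:13:40.200002  [**] [116:1:1] (snort_decoder) constructed "
       "decoder event [**] {TCP} 192.0.2.11:1042 -> 198.51.100.5:80"] * 3
    + ["01/03-09:15:02.300003  [**] [1:1002:2] WEB-IIS cmd.exe access [**] "
       "[Priority: 1] {TCP} 192.0.2.12:3311 -> 198.51.100.5:80"]
)

# Matches "[**] [gid:sid:rev] message [**]" anywhere in an alert line.
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")


def count_by_rule(text):
    """Count alerts per (gid, sid, message); unparseable lines are skipped."""
    counts = Counter()
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            gid, sid, _rev, msg = m.groups()
            counts[(int(gid), int(sid), msg)] += 1
    return counts


def noisy_rules(counts, min_share=0.25):
    """Rules that produce at least min_share of all alerts, noisiest first."""
    total = sum(counts.values())
    if total == 0:
        return []
    return [(key, n, n / total)
            for key, n in counts.most_common() if n / total >= min_share]


def review_list(counts, min_share=0.25):
    """Render noisy rules as commented-out disablesid lines for review."""
    lines = []
    for (gid, sid, msg), n, share in noisy_rules(counts, min_share):
        if gid != 1:
            # Assumption: only generator 1 (text rules from rule files) is
            # listed; decoder/preprocessor events are tuned in snort.conf.
            continue
        lines.append(f"# disablesid {sid}  # {msg}: {n} alerts ({share:.0%})")
    return lines


if __name__ == "__main__":
    print("\n".join(review_list(count_by_rule(SAMPLE_ALERTS))))
```

The lines are emitted commented out on purpose: a high count shows where the volume comes from, not that the alerts are false, so each rule still needs a decision before it is disabled.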