Snort mailing list archives
BASE and Snort FQDN Resolution Question
From: IT Security <itsecurity () radford edu>
Date: Tue, 29 Jun 2010 16:21:40 -0400
There is a setting in base_conf.php that determines whether BASE resolves FQDNs or not (it is off by default in the most recent version of BASE). We have this setting turned on and it seems to work fine.

The question we are asking is: when does the name resolution actually occur? Does it occur when BASE is made aware of the incident? This is my guess, and if that is true, then in our environment it would be possible for changes to occur between the incident time and the name resolution time (we store Snort logs for many hours or days before BASE is made aware of them).

Just wondering if other Snort users who run BASE had run into and answered this already.

Thanks!