Snort mailing list archives
Re: [Snort-Users] about capturing packets
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 14 Feb 2012 10:17:29 -0700
+1. I also have about 7TB and StreamDB does take about a second or so to look up stream information. I also have OpenFPC running for full packet captures, and I can't remember the last time I went to those. I have mine integrated into BASE (see the screenshot), BOTH StreamDB and OpenFPC (for multiple locations). This has made Snort event analysis so much easier and less time-consuming.

-----Original Message-----
From: Martin Holste [mailto:mcholste () gmail com]
Sent: Tuesday, February 14, 2012 6:58 AM

<snip>

It does all of this in less than one second even on a 10 TB data store, because the flows themselves are indexed by IP and timestamp. We run full pcap alongside StreamDB and almost never need to go back and wait around to grab pcap.