Snort mailing list archives
Re: Email
From: Jason Haar <Jason_Haar () trimble com>
Date: Thu, 30 Aug 2012 12:09:28 +1200
On 30/08/12 11:51, Greg Williams wrote:
> If it were me, I would not do a db search, the database is already processing stuff. I would have scripts on all your sensors, monitor the alert log, and clean the alert log every 5 minutes when the grep is complete. Saves processing power by only searching the last 5 minutes instead of the entire db.
Wouldn't this be a good output option for barnyard2? I'd love barnyard to be able to pipe a "snort packet" and metadata at a random program - so it can for example send an email containing the pcap as an attachment - or post-process that packet and decide it's an FP and drop the whole email alert.

Hmmm, I'll bring this up on the barnyard2 list :-)

--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
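As an added example (not code from this thread, from Snort or from barnyard2), here is a sensor-side Python script in the spirit of both posts: it parses Snort alert_fast lines, drops low-priority or suppressed alerts (the FP filtering Jason wants before the mail goes out), and builds the e-mail with the pcap attached. The sample alert lines, the local-range SIDs, the suppression list, the recipient address and the empty pcap header are all constructed for the example.

```python
import re
import struct
from email.message import EmailMessage

# Constructed sample of Snort's alert_fast output (local-range SIDs, documentation
# addresses) plus one junk line that the parser must skip.
SAMPLE_ALERTS = """\
08/30-12:01:10.100000  [**] [1:1000001:1] LOCAL id check response [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 10.0.0.5:80 -> 192.168.1.10:44321
08/30-12:02:30.200000  [**] [1:1000001:1] LOCAL id check response [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 10.0.0.9:80 -> 192.168.1.11:50001
08/30-12:03:45.300000  [**] [1:1000002:2] LOCAL p2p handshake [**] [Priority: 3] {TCP} 192.168.1.12:6881 -> 203.0.113.7:6881
not an alert line
"""
PCAP_HEADER = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)  # empty pcap, constructed

ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]'
    r'.*?\[Priority:\s*(?P<prio>\d+)\].*?\{(?P<proto>\w+)\}\s+'
    r'(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$')
INT_FIELDS = ('gid', 'sid', 'rev', 'prio')

def parse_alerts(text):
    """Return one dict per well-formed alert_fast line; anything else is skipped."""
    alerts = []
    for m in filter(None, map(ALERT_RE.match, text.splitlines())):
        alerts.append({k: int(v) if k in INT_FIELDS else v for k, v in m.groupdict().items()})
    return alerts

def filter_alerts(alerts, suppress, max_priority=2):
    """Drop alerts below the priority cut-off (Snort: 1 is most severe) and those whose
    (gid, sid, source host) is on the suppression list; a host of '*' matches any source."""
    kept = []
    for a in alerts:
        host = a['src'].rsplit(':', 1)[0]
        if a['prio'] > max_priority:
            continue
        if (a['gid'], a['sid'], host) in suppress or (a['gid'], a['sid'], '*') in suppress:
            continue
        kept.append(a)
    return kept

def build_mail(alerts, pcap, sensor='sensor-01', to='soc@example.invalid'):
    """Compose the alert e-mail; the pcap rides along as a binary attachment."""
    msg = EmailMessage()
    msg['Subject'] = f'[{sensor}] {len(alerts)} Snort alert(s)'
    msg['From'], msg['To'] = f'snort@{sensor}.example.invalid', to
    msg.set_content('\n'.join(f"{a['ts']} [{a['gid']}:{a['sid']}:{a['rev']}] prio={a['prio']} "
                              f"{a['proto']} {a['src']} -> {a['dst']} {a['msg']}" for a in alerts))
    msg.add_attachment(pcap, maintype='application', subtype='vnd.tcpdump.pcap', filename='alerts.pcap')
    return msg
```

Run from cron on each sensor against the last five minutes of the alert file and hand the returned message to smtplib; the suppression set is where per-host FP knowledge accumulates without touching the database.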