Re: [Snort-users] Using snort as connection tracker
On 28 Dec 2004 23:43:17 +0100, Jose Maria Lopez <jkerouac@bgsec.com> wrote:
> On Sun, 19 Dec 2004 at 16:15, Klemen Mihevc wrote:
> > now I have a problem because every packet is logged (and logs are huge)
> > even if it's only about 1k big and it is product of outside scan of
> > server not actual connection to it. Is there any way to log only first
> > and last package from 1 ip and only if data transfer is bigger than
> > let's say 5k? Or maybe any other way to log that connections? I also
> > tried with chaosreader & tcpdump but this method is too much cpu & ram
> > consuming and I also tried with iptables but again with same problem
> > (every package is logged). I really wanna use snort because I can use
> > mysql & acid for statistic...

How about using SanCP for the job? The output can easily be imported to a database and it doesn't log every packet (unless you ask for it). Another solution is to use Argus, or use stream4's session logging...

I know how you feel, you like snort and are comfortable using it. But Snort is not a silver bullet - nothing is. You locate and use the best tool for the job, and it may or may not be something you already know. I know that I spend a considerable amount of time learning about new tools and techniques, and yet I've much left to learn (which is why I like InfoSec in the first place - you never get the time to become bored)....

Best regards
Michael Boman
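The tools suggested in the reply record one entry per connection instead of one per packet. The following is an added example, not part of the original thread and not code from SanCP, Argus or Snort: a Python sketch of that session-level logging with the 5k threshold from the question, run over constructed packet tuples. The 60-second idle timeout, the record field names and the sample addresses are assumptions.

```python
from collections import namedtuple

# Constructed packet record: timestamp, endpoints, protocol, payload size in bytes
Packet = namedtuple("Packet", "ts src sport dst dport proto size")

MIN_BYTES = 5 * 1024   # the 5k threshold from the question
IDLE_TIMEOUT = 60.0    # assumption: seconds of silence that end a session

def flow_key(p):
    """Direction-independent key so both halves of a connection share one record."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

def summarize(packets, min_bytes=MIN_BYTES, idle=IDLE_TIMEOUT):
    """Return one record per session whose total payload reaches min_bytes."""
    active, done = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        k = flow_key(p)
        f = active.get(k)
        if f and p.ts - f["last"] > idle:   # stale session: close it, start a new one
            done.append(active.pop(k))
            f = None
        if f is None:
            # The first packet seen decides who is recorded as the initiator
            f = active[k] = {"initiator": p.src, "responder": p.dst, "dport": p.dport,
                             "proto": p.proto, "first": p.ts, "last": p.ts,
                             "packets": 0, "bytes": 0}
        f["last"] = p.ts
        f["packets"] += 1
        f["bytes"] += p.size
    done.extend(active.values())
    # Scan probes create sessions too, but they never reach the byte threshold
    return [f for f in done if f["bytes"] >= min_bytes]

# Constructed traffic: a 50-port scan with empty payloads, then one real HTTP transfer
SAMPLE = [Packet(1.0 + i * 0.01, "198.51.100.7", 40000 + i, "192.0.2.10", 20 + i, "tcp", 0)
          for i in range(50)]
SAMPLE += [Packet(10.0, "203.0.113.5", 51000, "192.0.2.10", 80, "tcp", 400)]
SAMPLE += [Packet(10.1 + i * 0.1, "192.0.2.10", 80, "203.0.113.5", 51000, "tcp", 1460)
           for i in range(6)]

if __name__ == "__main__":
    for rec in summarize(SAMPLE):
        print(rec)
```

Each returned record carries the first and last timestamps plus byte and packet totals, so it maps directly onto one database row per connection.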