Re: [Snort-users] data from multiple sessions in one alert/packet
This is a discussion on Re: [Snort-users] data from multiple sessions in one alert/packet within the Snort forums, part of the System Security and Security Related category; On Thu, May 18, 2006 at 02:07:08PM -0400, Joel Esler wrote: > Jon, > > What type of ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-18-2006
|
|||
|
|||
Re: [Snort-users] data from multiple sessions in one alert/packet
On Thu, May 18, 2006 at 02:07:08PM -0400, Joel Esler wrote:
> Jon, > > What type of output module are you using? > > Joel I'm using the database output plugin. I know that can be a problem under high load, right? Is that high alert load or just high pps load in general? My signatures are fairly tight so we get maybe 10-20 hits/hour, though occassionally we'll get a peak when someone scans us for something. I had been using barnyard, but dumped it while attempting to debug another problem. If barnyard will help here, I'll do that again. -jon ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=...057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
