|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: RE: [snort] Back home....
From: Mullen, Patrick (Patrick.Mullen
GD-CS.COM)Date: Tue Mar 07 2000 - 08:35:28 CST
- Next message: Stuart Staniford-Chen: "[snort] Rapidnet sig error?"
- Previous message: Scott A . McIntyre: "Re: [snort] 1.6-beta11 available [CVS & WWW]"
- Maybe in reply to: Martin Roesch: "[snort] Back home...."
- Maybe reply: Mullen, Patrick: "RE: [snort] Back home...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> "Alert occurred so start logging". The other method would require
> complexities that I'm not prepared to think about at 1:15AM. A
> read-ahead/read-back buffer concept is something that may be
> doable, but
> I think the performance hit that the system would take as a
> result would
> be pretty severe.
Now that I think about it, I think the best solution to what
I was thinking would probably be to log everything then have
some helper utility go back and clean up your logs nightly.
>
> Plus, how many packets do you keep in a "window"?
Sounds like a configuration option to me. :)
~Patrick
- Next message: Stuart Staniford-Chen: "[snort] Rapidnet sig error?"
- Previous message: Scott A . McIntyre: "Re: [snort] 1.6-beta11 available [CVS & WWW]"
- Maybe in reply to: Martin Roesch: "[snort] Back home...."
- Maybe reply: Mullen, Patrick: "RE: [snort] Back home...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]