osdir.com
mailing list archive

Subject: Re: spo_database vs prelude and other output plugins - msg#00046

List: security.ids.snort.devel



Martin Olsson wrote:
...

> What alternative should one use today? I have ~50 sensors in different
> countries. I need a nice frontend that can serve all sensors.

You can use unified output. With this you can process the binary unified
files with barnyard and use your existing setup.

http://www.snort.org/dl/barnyard/

...
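The decoupled layout recommended above (Eric Lauzon's reply later in this thread gives the same advice) written out as snort.conf and barnyard.conf fragments, with the spo_database line it replaces kept alongside for contrast. This is an added example, not configuration from the original thread or from the Snort or Barnyard projects; the database host, credentials, sensor id, interface and file paths are placeholders, and the syntax is the Snort 2.x / original Barnyard form (`output unified`, `log_acid_db`), so check the keywords against the versions you actually run.

```conf
# ===== snort.conf on each sensor =====

# The setup the thread advises against: spo_database. Every event becomes a
# synchronous INSERT into the DBMS made from Snort's own process, so a slow or
# restarting database (or a WAN hiccup on the way to it, for sensors in other
# countries) stalls the packet path and packets are dropped.
# Left commented out on purpose; host name and credentials are placeholders.
# output database: log, mysql, user=snort password=snortpw dbname=snort host=db.example.internal

# The decoupled alternative: unified output. Snort only appends binary records
# to local spool files; there is no network or database call in the packet path.
# "limit 128" rolls the file at 128 MB. Snort appends a timestamp to each file
# name, e.g. snort.alert.1138190000 and snort.log.1138190000 (placeholder paths).
config logdir: /var/log/snort
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128


# ===== barnyard.conf on the same sensor (original Barnyard 0.2 syntax) =====

# Barnyard tails the spool and does the database work, so Barnyard, not Snort,
# is what blocks when the DBMS is slow; records simply queue on disk meanwhile.
config daemon
# placeholder sensor name and sniffing interface
config hostname: sensor-se-01
config interface: eth1

# One Barnyard instance handles one spool type: dp_log for the log_unified
# files (event plus packet), dp_alert for the alert_unified files.
processor dp_log

# Writes into the same ACID/snort database schema that spo_database filled, so
# an existing ACID or BASE console keeps working. Credentials are placeholders.
output log_acid_db: mysql, sensor_id 1, database snort, server db.example.internal, user snort, password snortpw, detail full

# Start it in continual mode with a "waldo" checkpoint file so that a restart
# resumes where it stopped instead of re-inserting or skipping records:
#
#   barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f snort.log \
#            -w /var/log/snort/barnyard.waldo
#
# For the alert side run a second instance with "processor dp_alert",
# "output alert_acid_db: ...", "-f snort.alert" and its own waldo file.
```

Two checks worth doing once this is in place: stop the database for a minute and confirm that Snort keeps rolling new spool files and shows no packet drops while only Barnyard complains about the lost connection; and put the spool directory under disk monitoring, because a long database outage now turns into growing files on the sensor rather than dropped packets, which is the trade you wanted but still has to be watched.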




Thread at a glance:

Previous Message by Date:

spo_database vs prelude and other output plugins

I got two recommendations not to use spo_database...

Dirk Geschke wrote:
> BTW: I would not use the database output plugin, use something which is decoupled. If the database hangs or gets restarted you will run into big problems...

Eric Lauzon wrote:
> I don't know about your setup but from experience, I would tell you to stay away from spo_database.c, as logging to a DBMS is a blocking call and as a drawback if your database has some performance issue or if your monitored network interface receives a burst of packets you might have some drops; even with buffered libpcap this issue may happen.

What alternative should one use today? I have ~50 sensors in different countries. I need a nice frontend that can serve all sensors.

Prelude seems to be the best choice from a redundant point of view. Any drawbacks with prelude compared to other output plugins?

/Martin

Next Message by Date:

RE: spo_database vs prelude and other output plugins

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: snort-devel-admin@xxxxxxxxxxxxxxxxxxxxx
> [mailto:snort-devel-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Martin Olsson
> Sent: 25 January 2006 07:10
> To: snort-devel mailinglist
> Subject: [Snort-devel] spo_database vs prelude and other output plugins
>
> What alternative should one use today? I have ~50 sensors in
> different countries. I need a nice frontend that can serve
> all sensors.
>
> Prelude seems to be the best choice from a redundant point of
> view. Any drawbacks with prelude compared to other output plugins?
>
> /Martin

I would recommend the same as Jason: spo_unified + barnyard.

-elz

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.4 (Build 4042)

iQA/AwUBQ9eRcaIpv/xAG6RUEQJayQCfazBRnR3dl1AnC686JqMh9YLQRAgAoJnD
7rlVUYIE9M576E6roL4ILy0O
=WHIO
-----END PGP SIGNATURE-----
