[Snort-users] Questions/Suggestion: Which data to put in the

Jed Pickel jed at ...153...
Mon Aug 7 14:44:58 EDT 2000


> At first, I found the way in which the IP addresses were broken
> down to be vaguely annoying.  However, after a few days of coding
> and integrating snort into my other databases I found that the way
> it is currently broken down to be the right way to go.
> 
> In general, I have always believed that data should be gathered
> or sampled in the wild and then be broken down as much as possible 
> before stashing it in a database.  That way the data can be 
> reassembled in ways not seen when the whole application was
> designed.
> 
> So my vote is to leave things the way they are.

Thanks for the comments Geoff. So I guess we are still not at any sort
of consensus on this issue. :( I got a mail this morning from someone
doing some performance testing (hi Pablo - in case he is reading this
list) to see which way works the best. If he does not mail the list
directly I will keep you posted if there are any results.

> BTW, did my perl/SQL code ever make it the list?  I sent
> it out the same time the list moved to sourceforge.  

Yes.. I did get a copy of this.

* Jed




More information about the Snort-users mailing list