[Snort-users] Questions/Suggestion: Which data to put in the
jed at ...153...
Mon Aug 7 14:44:58 EDT 2000
> At first, I found the way in which the IP addresses were broken
> down to be vaguely annoying. However, after a few days of coding
> and integrating snort into my other databases I found that the way
> it is currently broken down to be the right way to go.
> In general, I have always believed that data should be gathered
> or sampled in the wild and then be broken down as much as possible
> before stashing it in a database. That way the data can be
> reassembled in ways not seen when the whole application was
> So my vote is to leave things the way they are.
Thanks for the comments Geoff. So I guess we are still not at any sort
of consensus on this issue. :( I got a mail this morning from someone
doing some performance testing (hi Pablo - in case he is reading this
list) to see which way works the best. If he does not mail the list
directly I will keep you posted if there are any results.
> BTW, did my perl/SQL code ever make it the list? I sent
> it out the same time the list moved to sourceforge.
Yes.. I did get a copy of this.
More information about the Snort-users