[Snort-users] Questions/Suggestion: Which data to put in the DB?
fygrave at ...121...
Mon Jul 31 11:21:44 EDT 2000
~ :What about letting the user choose which data to put in the database,
~ :and what names to put on the fields? The best is probably to have this
~ :as a run-time configuration, but even being able to change this in an
~ :easy way before compilation would help. :-)
That is why you have the source code, right ;-P
The idea sounds interesting, I'd like to hear what Jed would say about it :)
~ :And a question:
~ :What about developing a standard database layout for anomaly-based IDS? Or
~ :does this already exist?
I think there's already something done in this field, have a look at the
Data Model draft at http://www.silicondefense.com/idwg/donahoo-sec4.txt,
Section 184.108.40.206 is more applicable to signature-based IDS, but the rest
will do for both.