[Snort-users] Questions/Suggestion: Which data to put in the DB?

Fyodor fygrave at ...121...
Mon Jul 31 11:21:44 EDT 2000


~ :
~ :What about letting the user choose which data to put in the database,
~ :and what names to put on the fields?  The best is probably to have this
~ :as a run-time configuration, but even being able to change this in an
~ :easy way before compilation would help. :-)

That is why you have the source code, right ;-P

The idea sounds interesting, I'd like to hear what Jed would say about it:)

~ :And a question: 
~ :
~ :What about developing a standard database layout for anomaly based IDS?  Or
~ :does this already exist?



I think there's already something done in this field, have a look at the
Data Model draft at http://www.silicondefense.com/idwg/donahoo-sec4.txt,
Section 4.1.1.9 is more applicable to signature-based IDS, but the rest
will do for both.






