[Snort-users] IP to hostname translation in the alerts?

Borja Marcos borjamar at ...778...
Fri Apr 20 07:07:08 EDT 2001


On Friday 20 April 2001 12:12, you wrote:
> Is it possible to activate IP to hostname translation in the alerts?

	There is a performance problem if your snort is registering lots of alerts, 
and unless you also keep the numeric address, you are loosing information. 
Imagine when requesting the name for my IP address, you get 
"www.whatever.com" and you aren't keeping the IP address; you have lost the 
original IP address. This is a serious problem with some programs that *only* 
log the name.

	I think it is much better to have numeric IP addresses and resolve what you 
want.



	Borja.





More information about the Snort-users mailing list