[Snort-users] Snort + Acid + lots of data
bugtrap at ...1276...
Sat May 12 15:44:11 EDT 2001
I want to do a little test. I want to test how fast (and usable)
acid combined with snort logging to a mysql database can be.
So far I have used this combination on a home computer and
everything worked without much trouble.
Now I'm trying to set up the same combination on a web server.
This box has a lot of traffic and a lot of alerts and data is logged, but I want to generate even more.
So far I have done this:
All alerts and logging are going into a mysql database. The plugins were
set up like this:
output database: log, mysql, user=xxx password=xxx dbname=snort host=localhost detail=full encoding=ascii
Same for alert.
Snort is started with: snort -D -d -e -a -I -X -y -c snort.conf
The database was created with create_mysql and snortdb-extra.gz from
/contribs/ of snort.
I didn't know how to put portscan data into the database. All the
plugins except minifrag and spade (btw, spade can't log to a mysql
database?) are used. All the rules are used except policy.rules.
Any suggestions?
P.S. I want to log everything to a mysql database; I hate tail -f.