[Snort-users] Snort + Acid + lots of data

Galileo bugtrap at ...1276...
Sat May 12 15:44:11 EDT 2001


Hello snort-users,

  I want to do a little test. I want to test how fast (and usable)
  acid combined with snort logging to a mysql database can be.
  So far I have used this combination on a home computer and
  everything worked without much trouble.
  Now I'm trying to set up the same combination on a web server.
  This box has a lot of traffic and a lot of alerts and data is logged, but I want to generate even more.
  So far I have done this:
  all alerts and logging are going into a mysql database; the plugins were
  set up like this:

output database: log, mysql, user=xxx password=xxx dbname=snort host=localhost detail=full encoding=ascii
same for alert
snort is started with snort -D -d -e -a -I -X -y -c snort.conf
database was created with create_mysql and snortdb-extra.gz from
/contribs/ of snort.

  I didn't know how to put portscan data into the database. All the
  plugins except minifrag and spade (btw, spade can't log to a mysql
  database?) are used. All the rules are used except policy.rules.
  Any suggestions?
  P.S. I want to log everything to a mysql database; I hate tail -f.




