[Snort-users] Data Collection Help

Lance Spitzner lance at ...2024...
Wed Nov 21 06:51:08 EST 2001


The Honeynet Project is beginning to collect data from various
distributed Honeynets.  One of our primary weapons for data capture
is Snort.  Question, what are some of the best practices for
data collection for distributed Snort sensors?  We are currently
doing the following, any additional ideas GREATLY appreciated.

 - MySQL backend for Snort alerts, ACID interface
 - Daily copy of Snort binary log files

If you have any more recommendations on what Snort data should
be collected, in what format, or how it can be organized, that
would be greatly appreciated.  For example, are there any options
besides ACID?

Instead of flooding the mailing list, it may be better if you send
your suggestions to me directly. We (the Project) will then play
around and see what works best.  Once we have established our own
best practices, we will be more than happy to release a paper on
it.

Thanks!

-- 
Lance Spitzner
http://project.honeynet.org
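The second item in the list above, the daily copy of Snort's binary log files, is the one most likely to go wrong quietly on a distributed sensor: a copy taken while Snort is still appending is truncated, and a copy with no checksum cannot later be shown to match what the sensor wrote. The script below is an added example, not code from the original post or from the Honeynet Project, and it shows one way to do that nightly copy per sensor and per day with a SHA-256 manifest. It assumes (hypothetically) that Snort writes files named snort.log.<epoch> into the log directory, and the log directory, archive root and sensor name in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Honeynet Project:
# nightly copy of one sensor's Snort binary log files into a per-sensor,
# per-day archive with a SHA-256 manifest, so that a distributed copy can be
# checked against what the sensor actually wrote. Assumptions (hypothetical):
# Snort writes files named snort.log.<epoch> into the log directory, and the
# sensor name and archive root are chosen by the operator.
set -eu

# Hash helper: GNU sha256sum where available, otherwise Perl's shasum.
hash_files() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$@"
    else
        shasum -a 256 "$@"
    fi
}

# archive_snort_logs <log_dir> <archive_root> <sensor_name> <yyyymmdd> [min_age_minutes]
# Copies closed snort.log.* files into <archive_root>/<sensor_name>/<yyyymmdd>/,
# makes the copies read-only, writes SHA256SUMS beside them and prints the
# archive directory. Returns non-zero if nothing was archived.
archive_snort_logs() {
    log_dir=$1; root=$2; sensor=$3; day=$4; min_age=${5:-5}
    dest="$root/$sensor/$day"
    mkdir -p "$dest"

    # Skip files modified within the last $min_age minutes: Snort is still
    # appending to its current file, and a mid-write copy would be truncated.
    find "$log_dir" -maxdepth 1 -type f -name 'snort.log.*' -mmin +"$min_age" \
        -exec cp -p {} "$dest/" \;

    n=$(find "$dest" -maxdepth 1 -type f -name 'snort.log.*' | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "archive_snort_logs: no closed log files in $log_dir" >&2
        return 1
    fi

    # Manifest uses relative names so it verifies from any mount point.
    ( cd "$dest" && hash_files snort.log.* > SHA256SUMS )
    # Read-only copies guard against accidental edits of the archived record.
    chmod 0444 "$dest"/snort.log.* "$dest/SHA256SUMS"
    echo "$dest"
}

# verify_archive <archive_dir>: re-hash every copied file against SHA256SUMS.
verify_archive() {
    ( cd "$1" && if command -v sha256sum >/dev/null 2>&1; then
          sha256sum --quiet -c SHA256SUMS
      else
          shasum -a 256 -c SHA256SUMS >/dev/null
      fi )
}

# Run from cron with four arguments, for example (placeholder paths):
#   archive_snort_logs /var/log/snort /archive honeynet-01 "$(date +%Y%m%d)"
if [ $# -eq 4 ]; then
    dir=$(archive_snort_logs "$@")
    verify_archive "$dir"
fi
```

The per-sensor, per-day directory layout keeps the archive organized the same way an analyst will query it (which sensor, which day), and the manifest is what lets a central collector later prove that a file it holds is byte-for-byte the one the sensor produced. The age check is a heuristic: if a sensor rotates its log file on a different schedule, raise the fifth argument accordingly.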
