[Snort-users] Re: Pushing raw tcpdump data into database is extremely slow
thnov at ...4060...
Wed Nov 21 08:29:06 EST 2001
Yes, that was the idea. But I'm looking into other solutions now. Heard
sawmill could keep up with GB throughput...
At 17:13 2001-11-21 +0100, you wrote:
>Am i wrong, or are you trying to log ALL the traffic on your network into
>the database??? (e.g. log tcp any any -> any any (msg:"tcp";)
>Snort wasn't created for this, perhaps you should use something else or
>stick with tcpdump. (maybe you need something like they use for Echelon
>Maybe I don't understand you, or you don't understand snort. That's also
More information about the Snort-users