[Snort-users] Re: Pushing raw tcpdump data into database is extremely slow

Thomas Novin thnov at ...4060...
Wed Nov 21 08:29:06 EST 2001


Yes, that was the idea. But I'm looking into other solutions now. Heard
Sawmill could keep up with GB throughput...

At 17:13 2001-11-21 +0100, you wrote:
>Am I wrong, or are you trying to log ALL the traffic on your network into
>the database??? (e.g. log tcp any any -> any any (msg:"tcp";))
>
>Snort wasn't created for this, perhaps you should use something else or
>stick with tcpdump. (maybe you need something like they use for Echelon
>:-)
>
>Maybe I don't understand you, or you don't understand Snort. That's also
>possible. ;-)




