[Snort-users] Data Collection Help (fwd)

Guillaume guillaume at ...4029...
Fri Nov 23 00:24:04 EST 2001


In reply to Andrea Barisani <lcars at ...96...>:

> ---------- Forwarded message ----------
> On Wed, 21 Nov 2001, Lance Spitzner wrote:
> 
> > The Honeynet Project is beginning to collect data from various
> > distributed Honeynets.  One of our primary weapons for data capture
> > is Snort.  Question, what are some of the best practices for
> > data collection for distributed Snort sensors?  We are currently
> > doing the following, any additional ideas GREATLY appreciated.
> > 
> >  - MySQL backend for Snort alerts, ACID interface
> >  - Daily copy of Snort binary log files
> > 
> 
> Hi Lance!
> 
> My experience is that the best way for logging snort sensors data is the
> following:
> 
> On the sensor
> 
> 1) standard snort process with full alert logging and tcpdump style
> binary logging of traffic.

Hi.

I would just have one question about this way of logging traffic, which I think
is a good way: did you (or anyone else) benchmark snort and tcpdump (or any
other libpcap-based utility) for raw traffic logging? I.e.: which tool is the
best (reliability, speed...)?

Thanks.

Guillaume.

**********************************
Sent with HORDE/IMP
