[Snort-users] AW: (Snort-users) Log analysis tools

sandro.poppi at ...3316... sandro.poppi at ...3316...
Thu Sep 6 06:53:04 EDT 2001


> > Try ACID. It's not that simple to install because of
> various support packages
> > needed and it's database related, but you get all alerts
> when they happen
> > /nearly realtime) and it can be queried via a browser.
> >
> > ACID can be found on http://www.cert.org/kb/acid/
> >
>
> Thank you for replying and this info. Is ACID a memory hog?

Well, I'm running snort on 4 interfaces (100 MBit/s FD, average to low
utilization) and also SnortSnarf and ACID including a mysql database all on a
PIII/800 with 256 MB RAM. I did not have any memory or cpu probs yet (pssst: I'm
running also ntop to get infos about the utilization of the interfaces on the
same machine, but please don't tell it to others >8).

> SnortSnarf needs
> lot of tuning up(that is another discussion). I would assume
> that such (ACID)
> setup would be on a different box and not on the Snort agent itself.

Of course this is a better solution especially if you are using more than one
snort sensor to log into the same database. But as said before, no probs yet.
>
> Thank you once again.

Anytime,
Sandro





More information about the Snort-users mailing list