[Snort-users] Alert caching for ACID as a cron job

Reeves, Michael (GEAE, Compaq) michael.reeves at ...3457...
Mon Sep 17 10:26:03 EDT 2001


I have a sensor that sits on a 100mbit pipe and I get TONS of events. The
problem I am running into is that each day when I get in I have to wait for
it to cache a few hundred thousand events. Looking into the alert_cache.inc
I see the code but I don't have an environment to test it. (I had to fight
for the Linux boxes I have now.) Does anyone have a shell script that does
this already that you run as a cron job? I want to run one every 15 minutes
or so. Any info would be great.

Mike Reeves
Security Administrator 
GE Aircraft



