[Snort-users] Alert caching for ACID as a cron job

Reeves, Michael (GEAE, Compaq) michael.reeves at ...3457...
Mon Sep 17 11:02:06 EDT 2001


Yea.. But that wouldn't be as cool...  :)

Mike


-----Original Message-----
From: Steve Halligan [mailto:agent33 at ...187...]
Sent: Monday, September 17, 2001 1:59 PM
To: 'Reeves, Michael (GEAE, Compaq)';
'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Alert caching for ACID as a cron job



> I have a sensor that sits on a 100mbit pipe and I get TONS of events. The
> problem I am running into is that each day when I get in I have to wait for
> it to cache a few hundred thousand events. Looking into the alert_cache.inc
> I see the code but I don't have an environment to test it. (I had to fight
> for the linux boxes I have now) Does anyone have a shell script that does
> this already that you run as a cron job? I want to run one every 15 minutes
> or so.. Any info would be great..
>

You could just leave the Last XX alerts page open on a machine.  It
refreshes, and therefore populates the cache, every x seconds.

-Steve 



