[Snort-users] Recovering Lost Alerts

Ron Shuck rshuck at ...6736...
Wed Aug 28 07:55:03 EDT 2002


I am working on a Snort deployment with ACID/MySQL. I am relatively new
to Snort. I worked previously with ISS RealSecure.

My concern is how do I recover lost or missed alerts if the MySQL
database goes down briefly or if the sensor loses communication with
the MySQL server?

I have added a 'heartbeat' mechanism in ACID to alert if any of the
sensors go down for any reason, but this only lets me know I missed
alerts. It looks like some of the information is in the syslog, but not

Any help or suggestion would be greatly appreciated.


Ron Shuck, CISSP - Managing Consultant
Buchanan Associates - A Technology Company in the People Business
