[Snort-users] Recovering Lost Alerts
erek at ...577...
Wed Aug 28 10:24:03 EDT 2002
On Wed, 28 Aug 2002, Ron Shuck wrote:
> My concern is how do I recover lost or missed alerts if the MySQL
> database goes down briefly or if the sensor loses communication with
> the MySQL server?
Use barnyard. :) Snort writes a unified file, and then BY comes along and
reads the file on the fly handing the data to the DB on the backend.
> I have added a 'heartbeat' mechanism in ACID to alert if any of the
> sensors go down for any reason, but this only lets me know I missed
> alerts. It looks like some of the information is in the syslog, but not
Cool feature. Might want to send it to Roman for review.
> Any help or suggestion would be greatly appreciated.
Suggestion? Sure! "Try the hotpockets, they're breathtaking." ;-)
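
Added illustration, not part of the original message and not barnyard's code or Snort's unified file format: a minimal spool-and-forward sketch of why decoupling the sensor from the database keeps alerts through an outage. The JSON-lines spool, the bookmark file, and the names `spool_alert`, `forward` and `DatabaseDown` are assumptions made for this example.

```python
import json, os, tempfile

class DatabaseDown(Exception):
    """Raised by the (simulated) backend when it cannot accept inserts."""

def spool_alert(spool_path, alert):
    # Sensor side: append to a local file only; the sensor never talks to the DB.
    with open(spool_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(alert) + "\n")

def forward(spool_path, bookmark_path, insert):
    # Forwarder side: resume from the saved byte offset and advance it only
    # after a successful insert, so an outage delays alerts but drops none.
    offset = 0
    if os.path.exists(bookmark_path):
        with open(bookmark_path) as b:
            offset = int(b.read().strip() or 0)
    delivered = 0
    with open(spool_path, "rb") as f:
        f.seek(offset)
        while True:
            line = f.readline()
            if not line.endswith(b"\n"):
                break                      # end of file or half-written record
            try:
                insert(json.loads(line))
            except DatabaseDown:
                break                      # keep the bookmark; retry next pass
            offset = f.tell()
            with open(bookmark_path, "w") as b:
                b.write(str(offset))
            delivered += 1
    return delivered

def demo():
    # Constructed scenario: one alert, a database outage, two more alerts, recovery.
    tmp = tempfile.mkdtemp()
    spool, mark = os.path.join(tmp, "alerts.spool"), os.path.join(tmp, "alerts.mark")
    db, state = [], {"up": True}
    def insert(rec):
        if not state["up"]:
            raise DatabaseDown()
        db.append(rec)
    spool_alert(spool, {"sid": 1, "msg": "constructed alert"})
    first = forward(spool, mark, insert)
    state["up"] = False
    for sid in (2, 3):
        spool_alert(spool, {"sid": sid, "msg": "constructed alert"})
    during = forward(spool, mark, insert)
    state["up"] = True
    after = forward(spool, mark, insert)
    return first, during, after, [r["sid"] for r in db]
```
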