[Snort-users] Recovering Lost Alerts

Erek Adams erek at ...577...
Wed Aug 28 10:24:03 EDT 2002


On Wed, 28 Aug 2002, Ron Shuck wrote:

[...snip...]

> My concern is how do I recover lost or missed alerts if the MySQL
> database goes down briefly or if the sensor loses communication with
> the MySQL server?

Use barnyard.  :)  Snort writes a unified file, and then BY comes along and
reads the file on the fly handing the data to the DB on the backend.

> I have added a 'heartbeat' mechanism in ACID to alert if any of the
> sensors go down for any reason, but this only lets me know I missed
> alerts. It looks like some of the information is in the syslog, but not
> all.

Cool feature.  Might want to send it to Roman for review.

> Any help or suggestion would be greatly appreciated.

Suggestion?  Sure!  "Try the hotpockets, they're breathtaking."  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
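
The spool-and-forward arrangement described in the reply above, sketched as an added example (not part of the original message and not barnyard's code): the sensor only appends to a local file, and a separate reader forwards records to the database, advancing a saved offset only after each insert succeeds. The record layout, file names and function names are constructed for illustration and are not Snort's unified format.

```python
import struct
import tempfile
from pathlib import Path

# Constructed record (NOT Snort's real unified layout): sig id, epoch, src IPv4, dst IPv4.
REC = struct.Struct("!IIII")

def sensor_write(spool, *fields):
    """Sensor side: append to the local spool; never touches the database."""
    with open(spool, "ab") as f:
        f.write(REC.pack(*fields))

def save_bookmark(mark, offset):
    tmp = mark.with_suffix(".tmp")
    tmp.write_text(str(offset))
    tmp.replace(mark)  # atomic rename: a crash never leaves a torn offset

def forward(spool, mark, insert):
    """Reader side: deliver records past the bookmark, stop at the first failure."""
    offset = int(mark.read_text()) if mark.exists() else 0
    sent = 0
    with open(spool, "rb") as f:
        f.seek(offset)
        # A short read means EOF or a record still being written: leave it for next pass.
        while len(buf := f.read(REC.size)) == REC.size:
            try:
                insert(REC.unpack(buf))
            except ConnectionError:
                break  # database unreachable: bookmark stays put, nothing is skipped
            offset += REC.size
            save_bookmark(mark, offset)
            sent += 1
    return sent

def demo():
    d = Path(tempfile.mkdtemp())
    spool, mark = d / "alerts.spool", d / "alerts.mark"
    db, down = [], [True]  # stand-in for the MySQL backend, initially unreachable
    def insert(rec):
        if down[0]:
            raise ConnectionError("database unreachable")
        db.append(rec)
    for i in range(3):  # alerts raised while the database is down
        sensor_write(spool, 1000 + i, 1030544643 + i, 0x0A000001, 0x0A000002)
    during = forward(spool, mark, insert)
    down[0] = False
    after, again = forward(spool, mark, insert), forward(spool, mark, insert)
    return during, after, again, [r[0] for r in db]
```

Calling `demo()` shows the three alerts written during the outage being delivered once the database returns, with the third pass sending nothing because the bookmark already covers them.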




