[Snort-users] Log everything for billing purposes
mkettler at ...7367...
Thu Apr 3 18:21:24 EST 2003
Since you really want bandwidth accounting, not packet logging, I'd suggest
using tools designed for accounting, not IDS's.
Using snort this way won't make you happy, as it tends to loose packets
when it tries to log everything. Even tcpdump would be orders of magnitude
better as it handles high load better (it doesn't do text searches). But
let's face it.. that's _really_ silly.
Most other modern kernel-level packet filter tools have very good
accounting capabilities and even traffic shaping capabilities. Look at
Linux's IPTables and the BSD's IPF.. they should be able to do what you
want, and aren't going to have to log every packet that goes by to do it.
At 05:09 PM 4/3/2003 -0800, Ross Davis - DataAnywhere wrote:
>If snort is not a good way to log the traffic, does anyone know of a
>good (and inexpensive) traffic accounting program?
More information about the Snort-users