[Snort-users] new user, great product, but ...
erek at ...950...
Wed Apr 23 07:57:56 EDT 2003
On Tue, 22 Apr 2003, Allen, Garrett wrote:
> installed version 1.9.1 (build 231) of the pink beastie. very interesting
> results captured from our network. pointed to a potential issue with xp
> configs. i'm generating log files, haven't quite got the mastery of mysql
> installation yet. anyways, here's the question:
> the very day i started using snort for real was the day one of our wandering
> sales minstrels returns with an ms-sql worm. it momentarily shut down our
> net when he fired up his machine, then went for coffee, flooding the network
> with traffic as a worm is wont to do. we were able to quickly detect where
> the problem originated from and shut the machine down. but in the meantime
> snort generated enough log files to fill /var. ouch. any way to slow down
> the volume of log entries? any other operational tips?
* Save headache and move on to 2.0. It was released on 4/14.
* Consider using 'unified' logging. It can help with the log
"When things get weird, the weird turn pro." H.S. Thompson