[Snort-users] Snort to Oracle

Nicholas Bachmann nbachmann at ...6522...
Fri Jan 3 10:11:01 EST 2003

Steven Rudolph wrote:

 > Does anyone have any tips/tricks on getting snort to send logs to oracle?
It's a great guide.

 > I am getting well over 15K detected attempts a day and my database
 > grows too quickly for MySql to handle (my current setup)
Have you tuned your rules?  Are you getting 15,000 alerts or 15,000
alerts you want to look at?  Using something like Oinkmaster to update
and disable rules can help keep you current and more false-alert free.

 > I have been using the Acid front end to help analyze
Have you set up an archive database?  This can help keep load on your
production database low as well.


Nicholas Bachmann, SSCP
Tech Department
Davison Community Schools
