[Snort-users] Log all traffic?

Matt Kettler mkettler at ...4108...
Wed Nov 5 16:08:04 EST 2003


At 05:43 PM 11/5/2003, Mark Nipper wrote:
>On 05 Nov 2003, nick travis wrote:
> > Is there a rule for snort to log all network traffic.  I need to dump it
> > all into a database and query it for bandwidth usage by certain hosts.
>
>         I think you're better off using tcpdump or ethereal for
>something like this.

Well, he wants to dump it to a database..


Quite frankly, logging all the packets to a database and doing a query is 
an insanely complex way of calculating bandwidth usage.

He'd be better off not trying to log packets at all and instead using 
IPTables/IPChains's accounting capabilities for this. It's what they're for :).
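
The accounting approach suggested above, as an added example that is not part of the original post: iptables rules with no target only count matching traffic, and the counters can be summed per host. The chain name `ACCT`, the host addresses, and the sample counter listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-host bandwidth accounting from iptables counters.
# Chain name ACCT and the 192.0.2.x hosts are assumptions (documentation range).

# Create counting rules. A rule without -j has no effect on the packet;
# it only increments its packet/byte counters. Requires root, so it is
# defined here but never called automatically.
setup_accounting() {
    iptables -N ACCT
    iptables -I FORWARD -j ACCT
    for host in "$@"; do
        iptables -A ACCT -s "$host"   # bytes sent by host
        iptables -A ACCT -d "$host"   # bytes received by host
    done
}

# Read `iptables -L ACCT -v -n -x` output on stdin and print one line per
# host with transmitted and received byte totals. Source and destination
# are taken as the last two columns, which holds for plain -s/-d rules.
per_host_bytes() {
    awk -v any="0.0.0.0/0" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            src = $(NF-1); dst = $NF
            if (src != any) { tx[src] += $2; hosts[src] = 1 }
            if (dst != any) { rx[dst] += $2; hosts[dst] = 1 }
        }
        END {
            for (h in hosts) printf "%s tx=%.0f rx=%.0f\n", h, tx[h], rx[h]
        }
    ' | sort
}

# Constructed sample of `iptables -L ACCT -v -n -x` output.
sample_output() {
cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120   183000            all  --  *      *       192.0.2.10           0.0.0.0/0
      95    40210            all  --  *      *       0.0.0.0/0            192.0.2.10
      10     5000            all  --  *      *       192.0.2.20           0.0.0.0/0
       7      770            all  --  *      *       0.0.0.0/0            192.0.2.20
EOF
}

sample_output | per_host_bytes
```

On a live system the parser would be fed with `iptables -L ACCT -v -n -x | per_host_bytes`; `iptables -Z ACCT` resets the counters between measurement intervals.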




