[Snort-users] Log all traffic?
mkettler at ...4108...
Wed Nov 5 16:08:04 EST 2003
At 05:43 PM 11/5/2003, Mark Nipper wrote:
>On 05 Nov 2003, nick travis wrote:
> > Is there a rule for snort to log all network traffic. I need to dump it
> > all into a database and query it for bandwidth usage by certain hosts.
> I think you're better off using tcpdump or ethereal for
>something like this.
Well, he wants to dump it to a database..
Quite frankly, logging all the packets to a database and doing a query is
an insanely complex way of calculating bandwidth usage.
He'd be better off not trying to log packets at all and instead using
IPTables/IPChains's accounting capabilities for this. It's what they're for :).
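
The accounting approach suggested above, as an added example that is not part of the original post: target-less iptables rules count packets and bytes per host, and a short awk pass over the verbose listing turns the counters into per-host totals. The chain name `ACCT`, the host addresses and the sample listing are constructed assumptions.

```shell
#!/bin/sh
# Setup (run once as root; shown as comments because it changes firewall state).
# A rule with no -j target only counts matching packets and bytes.
#   iptables -N ACCT
#   iptables -I FORWARD -j ACCT
#   iptables -A ACCT -s 192.168.1.10    # bytes sent by the host
#   iptables -A ACCT -d 192.168.1.10    # bytes received by the host
# Read the counters with:  iptables -L ACCT -v -n -x | acct_totals

# Sum byte counters per host from `iptables -L <chain> -v -n -x` output on stdin.
# Prints "host tx_bytes rx_bytes", one line per host, sorted by host.
acct_totals() {
    awk '
        # Rule rows start with two integers: packet count and byte count.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            # The target column is blank for counting rules, so field
            # positions shift; for plain address rules the last two
            # fields are always source and destination.
            src = $(NF-1); dst = $NF
            if (src != "0.0.0.0/0") { tx[src] += $2; hosts[src] = 1 }
            if (dst != "0.0.0.0/0") { rx[dst] += $2; hosts[dst] = 1 }
        }
        END {
            for (h in hosts) printf "%s %.0f %.0f\n", h, tx[h], rx[h]
        }
    ' | sort
}

# Constructed sample of the listing format, so the script runs without root.
sample_listing() {
    cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1520  1843200            all  --  *      *       192.168.1.10         0.0.0.0/0
    2210  2950144            all  --  *      *       0.0.0.0/0            192.168.1.10
     310    48211            all  --  *      *       192.168.1.20         0.0.0.0/0
     402   611870            all  --  *      *       0.0.0.0/0            192.168.1.20
    4442  5453425 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

sample_listing | acct_totals
```

The counters are cumulative since the rules were added or last zeroed with `iptables -Z ACCT`, so usage over an interval is the difference between two readings.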