[Snort-users] Snort automatic email alert.
emf at ...367...
Fri Aug 6 18:13:27 EDT 2004
On Fri, Aug 06, 2004 at 07:50:23PM -0500, Harper, Patrick wrote:
> Don't those all use syslog?
Yes. MySQL/ACID does not scale. (sure, it's kinda neat if you
want to browse around in a limited data set, but MySQL limitations
keep you from having real historical datasets. You'll go to pcap files
And mining through the snortdb schema inside MySQL for event text in
order to send email alerts is kinda like bringing a hatchet to an ice cream social.
Besides, if you use SEC to do this, you can spend all your time writing state engine
rules so that you can use the state engine to do work for you, instead of digging
around in a browser all day trying to figure out which false alarm you're looking at.
But if you like that sort of thing, don't let me stop you.
Principal Engineer, Information Security, ServerVault Corp.