[Snort-users] More than one output module
jberry at ...11848...
Thu Jul 15 09:11:14 EDT 2004
Maybe you are just overloading snort. DB logging causes intensive CPU
by itself but doing it to two different DB's and also Syslog will
probably slow Snort down enough to miss things.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Esler,
Joel - Contractor
Sent: Thursday, July 15, 2004 9:58 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] More than one output module
Has anyone experianced any problems with outputting to more than one
output module? Is there a reason for it? Does the order matter?
I have Snort logging to mysql, oracle, and syslog. But it seems when
syslog is turned, occasionally an alert will be missed in the db?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users