[Snort-users] Snort from a live Distro, rolling logs? No internal storage...

Hazel, Scott A. Scott.Hazel at ...5850...
Fri Oct 22 08:19:44 EDT 2004

Hey Jason. 

Check out knoppix-std.  It has what you're asking for and more. I've
used this in the past and you can turn on the entire IDS package (Snort,
ACID, MySQL) with a single command.  Also helpful to use a USB key or
something similar to store config files, scripts, etc.  One caveat I've
noticed is a constant need to read from the CD for performing system
commands, etc. Performance can lag due to this. I'm sure someone else on
this list is more Unix savvy than me and can offer a way around this.
Seems like if you have enough RAM you can get around this problem to
some degree.  Anyway, hope this helps. 


Scott H.  

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jason
Sent: Friday, October 22, 2004 8:16 AM
To: 'snort-users at lists.sourceforge.net'; 'Ring-of-fire at ...1601...'
Subject: [Snort-users] Snort from a live Distro, rolling logs? No
internal storage...

So I've been given a pretty beefy server (with no internal storage) and
was wondering if there is a live Linux distro with Snort and ACID and
MySQL all ready to go (I know that PHLAK has Snort, but I'm not sure
about the ACID/MySQL part).  Also, is there any way to have Snort use
some sort of rolling log file? (We've got 512MB of RAM and would like to
use that for logging.)
Thanks for any help or ideas.


