[Snort-users] Snort Overloading BASE?
chase1124 at ...11827...
Wed Jan 20 15:53:00 EST 2010
I'm using MySQL, do you know if there is a script that will work for that as
I've tried using some filtering, but whenever I use this .bpf file, snort
doesn't log ANYTHING. I'm not sure I see what is wrong with my tcpdump
[jchase at ...9687... ~]$ cat /etc/snort/ignore.bpf.bak
not src host xxx.xxx.xxx.163 and port 25
and not host 192.168.1.30 and port 161
snort 14221 1 0 2009 ? 00:00:00 /usr/sbin/snort -D -i eth0
-u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort -F
On Wed, Jan 20, 2010 at 3:44 PM, Alexander Novokhatsky <alex.ontario at ...11827...> wrote:
> Hello James,
> I've set up Referential Integrity via foreign keys in the database (MS SQL) and
> then created a job to remove outdated events based on dbo.event.timestamp.
> The SQL script required for creating Referential Integrity is included in the BASE
> sources. Just look them through.
> All other tables are updated automatically.
> I try to keep the alert count in BASE around 100.000. It becomes unusable when
> the number exceeds 500.000 alerts.
> Also consider using threshold and suppress rules in snort. It can help to
> reduce the alert count.
> Wednesday, January 20, 2010, 3:24:31 PM, you wrote:
> I'm running snort-2.8.5-1 on CentOS 5.4 and collecting snort alerts to a
> database with barnyard2. The problem is snort seems to be generating so many
> alerts that whenever I load the BASE page it takes 5 or 10 minutes to
> display! I believe it is just processing the new alerts but it really makes
> the system unusable.
> Is there anything that can be done to clear out the DB of old alerts
> automatically or anyone else that has experienced this problem?
> "Beware of all enterprises that require new clothes."
> -- Henry David Thoreau
> Best regards,
> Alexander mailto:alex.ontario at ...11827...<alex.ontario at ...11827...>
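An added illustration of why the quoted ignore.bpf may be passing almost nothing (this is not code from the thread, and the addresses are constructed: 203.0.113.163 stands in for the masked xxx.xxx.xxx.163). In the pcap filter grammar, `not` binds tighter than `and`, and `and`/`or` associate left to right, so the two lines of the file read as one conjunction: (not src host A) and (port 25) and (not host B) and (port 161). Only a packet carrying port 25 on one end and port 161 on the other satisfies that, so snort sees effectively no traffic. The model below applies that precedence to a few constructed packets and contrasts it with a parenthesised filter that expresses the apparent intent (drop A's SMTP and B's SNMP, keep everything else):

```python
"""
Model of pcap/BPF operator precedence for a two-line ignore filter.

Assumed filter text (from the thread, with the masked host replaced by a
documentation address):

    not src host 203.0.113.163 and port 25
    and not host 192.168.1.30 and port 161

pcap grammar: negation has the highest precedence; `and`/`or` have equal
precedence and associate left to right.  Packets below are constructed samples.
"""

from dataclasses import dataclass

HOST_A = "203.0.113.163"   # placeholder for the xxx.xxx.xxx.163 in the thread
HOST_B = "192.168.1.30"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def port(pkt, p):
    """BPF `port N`: true if either endpoint uses port N."""
    return pkt.sport == p or pkt.dport == p


def host(pkt, h):
    """BPF `host H`: true if H is the source or the destination."""
    return pkt.src == h or pkt.dst == h


def src_host(pkt, h):
    """BPF `src host H`."""
    return pkt.src == h


def filter_as_written(pkt):
    """The file as pasted, with pcap precedence applied literally:
    (not src host A) AND port 25 AND (not host B) AND port 161."""
    return ((not src_host(pkt, HOST_A)) and port(pkt, 25)
            and (not host(pkt, HOST_B)) and port(pkt, 161))


def filter_intended(pkt):
    """Parenthesised reading: drop A's SMTP and B's SNMP, keep the rest.
    Equivalent pcap text:
        not (src host A and port 25) and not (host B and port 161)"""
    return (not (src_host(pkt, HOST_A) and port(pkt, 25))
            and not (host(pkt, HOST_B) and port(pkt, 161)))


# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLE = [
    Packet("198.51.100.7", "203.0.113.10", 51000, 80),   # ordinary web request
    Packet(HOST_A, "198.51.100.20", 25, 40000),          # SMTP from host A
    Packet("198.51.100.5", HOST_B, 52000, 161),          # SNMP poll of host B
    Packet("198.51.100.9", "203.0.113.40", 25, 161),     # pathological: 25 <-> 161
]


def passing(flt, packets=SAMPLE):
    """Return the packets the filter would hand to snort."""
    return [p for p in packets if flt(p)]


def count_passing(flt, packets=SAMPLE):
    return len(passing(flt, packets))


if __name__ == "__main__":
    print("as written :", count_passing(filter_as_written), "of", len(SAMPLE))
    print("intended   :", count_passing(filter_intended), "of", len(SAMPLE))
```

The literal filter passes only the pathological 25/161 packet; the parenthesised one passes the web request and that oddity while dropping exactly the two flows the author wanted ignored. Before handing a filter to `snort -F`, `tcpdump -d 'expr'` prints the compiled BPF program, which makes this kind of precedence surprise visible without capturing anything.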
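An added demonstration of the purge approach Alexander describes (foreign keys with cascading deletes from the child tables to `event`, then a scheduled DELETE keyed on `event.timestamp`). This is not code from BASE or the thread: it uses an in-memory SQLite database with a reduced, constructed copy of the snort/BASE tables (`event`, `iphdr`, `data`, `acid_event`), so the cascade can be exercised offline. The real MySQL or MS SQL schema has more tables and columns, and the stock snort MySQL schema ships without foreign keys, which is why the thread points at the script in the BASE sources.

```python
"""
Retention purge for a snort/BASE alert database, modelled in SQLite.

Assumptions (constructed stand-in, not the real schema):
  * `event` is the parent table, keyed by (sid, cid) with a `timestamp`.
  * Child tables carry the same (sid, cid) key and a foreign key with
    ON DELETE CASCADE back to `event`, so one DELETE on `event` cleans them.
"""

import sqlite3
from datetime import datetime, timedelta

SCHEMA = """
CREATE TABLE event (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL,
    signature INTEGER NOT NULL, timestamp TEXT NOT NULL,
    PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL,
    ip_src INTEGER, ip_dst INTEGER, ip_proto INTEGER,
    PRIMARY KEY (sid, cid),
    FOREIGN KEY (sid, cid) REFERENCES event(sid, cid) ON DELETE CASCADE);
CREATE TABLE data (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL, data_payload TEXT,
    PRIMARY KEY (sid, cid),
    FOREIGN KEY (sid, cid) REFERENCES event(sid, cid) ON DELETE CASCADE);
CREATE TABLE acid_event (
    sid INTEGER NOT NULL, cid INTEGER NOT NULL, sig_name TEXT, timestamp TEXT,
    PRIMARY KEY (sid, cid),
    FOREIGN KEY (sid, cid) REFERENCES event(sid, cid) ON DELETE CASCADE);
"""

TABLES = ("event", "iphdr", "data", "acid_event")
TS_FMT = "%Y-%m-%d %H:%M:%S"   # same textual form snort writes, sorts lexically


def build_sample_db(now):
    """Create the schema and load five constructed alerts: three old, two recent."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite ignores FKs unless enabled
    conn.executescript(SCHEMA)
    for cid, age_days in enumerate([60, 45, 40, 1, 0], start=1):
        ts = (now - timedelta(days=age_days)).strftime(TS_FMT)
        conn.execute("INSERT INTO event VALUES (1, ?, 1000, ?)", (cid, ts))
        conn.execute("INSERT INTO iphdr VALUES (1, ?, 3232235806, 3232235777, 6)",
                     (cid,))
        conn.execute("INSERT INTO data VALUES (1, ?, 'constructed payload')", (cid,))
        conn.execute("INSERT INTO acid_event VALUES (1, ?, 'sample sig', ?)",
                     (cid, ts))
    conn.commit()
    return conn


def purge_older_than(conn, now, days):
    """Delete events older than `days`; children go via the cascade.
    MySQL equivalent of the statement:
        DELETE FROM event WHERE timestamp < NOW() - INTERVAL 30 DAY
    Returns the number of parent rows removed."""
    cutoff = (now - timedelta(days=days)).strftime(TS_FMT)
    cur = conn.execute("DELETE FROM event WHERE timestamp < ?", (cutoff,))
    conn.commit()
    return cur.rowcount


def row_counts(conn):
    """Row count per table, to confirm the cascade reached every child."""
    return {t: conn.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
            for t in TABLES}


if __name__ == "__main__":
    now = datetime(2010, 1, 20, 15, 53)
    db = build_sample_db(now)
    print("before:", row_counts(db))
    print("purged:", purge_older_than(db, now, 30))
    print("after: ", row_counts(db))
```

Run as a nightly job (cron on the barnyard2/MySQL host, a SQL Agent job on MS SQL) with the retention window chosen so the live table stays near the size BASE handles comfortably; on large backlogs, deleting in batches by `cid` range keeps the lock window short. Without the cascading foreign keys, the same DELETE would orphan rows in `iphdr`, `data` and the other child tables, which is exactly the bloat the purge is meant to prevent.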