[Snort-users] Recommended NFS configuration to store snort logs

Joe Pampel jpampel at ...14829...
Fri Sep 24 13:43:54 EDT 2010


From the other side, I use NFS extensively and like it quite a bit. I have no performance issues with it even in very large deployments (although not for IDS/IPS).

That said, why aren't you using an IP socket to a back end database like MySQL?  Not sure why you would want to write this stuff to disk across a network when there are other cleaner and very well established options.

JM2C, ICBW,  YMMV and the usual disclaimers apply . . .


On Sep 24, 2010, at 1:25 PM, Castle, Shane wrote:

> I'm sorry; I can't recommend using NFS for anything, much less real-time
> writing of high-output logs.
>
> --
> Shane Castle
> Data Security Mgr, Boulder County IT
> GSEC GCIH
>
>
> -----Original Message-----
> From: carlopmart [mailto:carlopmart at ...11827...]
> Sent: Friday, September 24, 2010 11:15
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Recommended NFS configuration to store snort logs
>
> carlopmart wrote:
>> Hi all,
>>
>> I need to store all logs from 5 CentOS snort sensors over an NFS shared
>> storage. NFS servers are CentOS 5.5. Which could be the best
>> configuration for this scenario: NFSv3 or NFSv4?? Do I need to put some
>> special param to increment write/reads from sensors??
>>
>> many thanks.
>
> Any hints, please?
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

