[Snort-users] Recommended NFS configuration to store snort logs

waldo kitty wkitty42 at ...14940...
Fri Sep 24 18:00:20 EDT 2010


On 9/24/2010 13:50, carlopmart wrote:
> Castle, Shane wrote:
>> I'm sorry; I can't recommend using NFS for anything, much less real-time
>> writing of high-output logs.
>>
>> --
>> Shane Castle
>> Data Security Mgr, Boulder County IT
>> GSEC GCIH
>>
>>
>
> OK, then what type of storage is recommended to centralize all logs?? iSCSI??

syslog to a central syslog server for text logs... others use SQL databases and 
feed them via IP sockets... it all depends on your needs and usage, really... in 
my environment, we don't use any logs or databases other than snort's standard 
alert file... then again, we're not aggregating numerous sniffers in the product 
I'm working with ;)




