[Snort-users] Recommended NFS configuration to store snort logs
wkitty42 at ...14940...
Fri Sep 24 18:00:20 EDT 2010
On 9/24/2010 13:50, carlopmart wrote:
> Castle, Shane wrote:
>> I'm sorry; I can't recommend using NFS for anything, much less real-time
>> writing of high-output logs.
>> Shane Castle
>> Data Security Mgr, Boulder County IT
>> GSEC GCIH
> OK, then what type of storage is recommended to centralize all logs?? iSCSI??
syslog to a central syslog server for text logs... other's use sql databases and
feed them via IP sockets... it all depends on your needs and usage, really... in
my environment, we don't use any logs or databases other than snort's standard
alert file... then again, we're not aggregating numerous sniffers in the product
i'm working with ;)
More information about the Snort-users