Snort mailing list archives

Re: db logging


From: roman () danyliw com
Date: Mon, 29 Oct 2001 21:38:28 US/Eastern

> All I really want is to look at the data in the dbase and am not too
> concerned about looking for intrusion detection.  So other than the
> logging rules I can just disable the rules right?

Disable all preprocessors and use a set of rules like:

log tcp any any -> any any (msg: "TCP";)
log udp any any -> any any (msg: "UDP";)
log icmp any any -> any any (msg: "ICMP";)

> Which database scheme is in the latest daily snapshot?  Should have
> looked while I was at home!

v104 is in the latest snapshot.

> This is going to take a while to put into the database isn't it?  The
> file is 19Gig in size.

It will definitely take "a while".

Roman

