Snort mailing list archives

Data Reduction


From: Brett.Gillett () tsx ca
Date: Thu, 7 Nov 2002 16:35:50 -0500

Hey everyone,

This question is an extension to my last one about a bad SQL statement; I
think we have figured that out.  I wanted to get everyone's thoughts on data
reduction.
What we want to do is store less data for more time, but we are having a
hard time actually deciding what to keep.  We would like to come up with 3
stages,

     1st stage - Snort DB
     2nd stage - medium
     3rd stage - long-term storage

We have come up with the following list for long-term storage,

timestamp,signature,sig_class_id,ip_src,tcp_sport,ip_dst,tcp_dport,ip_proto

What I am after are suggestions for the 2nd stage; in addition to the above,
what do you think would be worth keeping?

Thanks,

Brett
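
Added example, not part of the original message: a sketch of the stage 1 to stage 3 step, projecting aged alerts onto the long-term column list above. It assumes the standard Snort database tables (event, signature, iphdr, tcphdr), reduced here to the columns used; the `longterm` table, the function names, the cutoff and all sample rows are constructed for illustration.

```python
import sqlite3

# Cut-down Snort DB tables (assumed schema) plus a hypothetical long-term table
# holding exactly the column list from the message.
SCHEMA = """
CREATE TABLE event     (sid INT, cid INT, signature INT, timestamp TEXT);
CREATE TABLE signature (sig_id INT, sig_name TEXT, sig_class_id INT);
CREATE TABLE iphdr     (sid INT, cid INT, ip_src INT, ip_dst INT, ip_proto INT);
CREATE TABLE tcphdr    (sid INT, cid INT, tcp_sport INT, tcp_dport INT);
CREATE TABLE longterm  (timestamp TEXT, signature INT, sig_class_id INT, ip_src INT,
                        tcp_sport INT, ip_dst INT, tcp_dport INT, ip_proto INT);
"""
# LEFT JOINs keep alerts with no tcphdr row (UDP, ICMP) or no iphdr row; inner
# joins would drop them from the archive. Their port columns come out NULL,
# because the long-term list carries TCP ports only.
REDUCE = """
INSERT INTO longterm
SELECT e.timestamp, e.signature, s.sig_class_id,
       i.ip_src, t.tcp_sport, i.ip_dst, t.tcp_dport, i.ip_proto
FROM event e
LEFT JOIN signature s ON s.sig_id = e.signature
LEFT JOIN iphdr i     ON i.sid = e.sid AND i.cid = e.cid
LEFT JOIN tcphdr t    ON t.sid = e.sid AND t.cid = e.cid
WHERE e.timestamp < ?
"""

def reduce_to_longterm(db, cutoff):
    """Copy events older than cutoff into longterm, then purge them from stage 1."""
    with db:  # one transaction: the copy and the purge succeed or fail together
        copied = db.execute(REDUCE, (cutoff,)).rowcount
        old = "(SELECT sid, cid FROM event WHERE timestamp < ?)"
        for table in ("tcphdr", "iphdr"):  # fixed names, not user input
            db.execute(f"DELETE FROM {table} WHERE (sid, cid) IN {old}", (cutoff,))
        db.execute("DELETE FROM event WHERE timestamp < ?", (cutoff,))
    return copied

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed rows: an old TCP alert, an old ICMP alert, and a recent TCP alert.
    db.executemany("INSERT INTO signature VALUES (?,?,?)",
                   [(1, "constructed tcp sig", 10), (2, "constructed icmp sig", 20)])
    db.executemany("INSERT INTO event VALUES (?,?,?,?)",
                   [(1, 1, 1, "2002-10-01 12:00:00"), (1, 2, 2, "2002-10-02 08:30:00"),
                    (1, 3, 1, "2002-11-07 16:00:00")])
    db.executemany("INSERT INTO iphdr VALUES (?,?,?,?,?)",
                   [(1, 1, 3232235777, 167772161, 6), (1, 2, 3232235778, 167772161, 1),
                    (1, 3, 3232235777, 167772162, 6)])
    db.executemany("INSERT INTO tcphdr VALUES (?,?,?,?)", [(1, 1, 40000, 80), (1, 3, 40001, 22)])
    return db, reduce_to_longterm(db, "2002-11-01 00:00:00")
```
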




