new user, great product, but ...

["Allen, Garrett" <Garrett.Allen () ser com>]

heys,

installed version 1.9.1 (build 231) of the pink beastie.  very interesting
results captured from our network.  pointed to a potential issue with xp
configs.  i'm generating log files, haven't quite got the mastery of mysql
installation yet.  anyways, here's the question:

the very day i started using snort for real was the day one of our wandering
sales minstrals returns with an ms-sql worm.  it momentarily shut down our
net when he fired up his machine, then went for coffee, flooding the network
with traffic as a worm is want to do.  we were able to quickly detect where
the problem originated from and shut the machine down.  but in the meantime
snort generated enough log files to fill /var.  ouch.  any way to slow down
the volume of log entries?  any other operational tips?

thanks in advance.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users