[ale] RE: Snort
bob at verysecurelinux.com
Tue Aug 19 13:50:39 EDT 2003
On Tue, Aug 19, 2003 at 01:20:30PM -0400, Christopher Fowler wrote:
> This snort program is really cool. I've got it logging to a
> directory called /tmp/sno. It seems that you can have it go
> into a database. Will it dump the package data into the database or
> just the header info? I want to make sure the database does not
> grow uncontrollably. My database is behind the firewall so I can just
> dump there. It may be feasible to create a wiretap.
> -- Rx [ ] --- [ ] Rx --
> -- Tx [ ] --- [ ] Tx --
> | Rx
> [ ]
> [ ] Snort.
> Would this be the correct cable configuration? I assume that I'll
> need to send Rx+ and Rx- to the IDS but do not need to worry
> about Tx+ and Tx-.
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002