Installing Snort
Jordon Bedwell
jordon at envygeeks.com
Mon Jun 27 01:11:33 UTC 2011
On 6/26/2011 8:00 PM, Ric Moore wrote:
> On Sun, 2011-06-26 at 13:33 -0800, Damien Hull wrote:
>> I see some instructions for snort include MySQL. Is there a good
>> reason to use MySQL with Snort?
> What did the instructions say?
Data retention, data sorting, easy data output, data integration. It's
easier to do all that with MySQL than a flat file. Reading and writing
large flat files can take abnormal amounts of time when doing most of
that (unless you happen to have huge amounts of memory available,) with
MySQL even 1 second is a world of difference compared to a flat file
with the same amount of data. Though, I would hope one would filter and
pop packets before it's even stored anyways to save resources and to
reduce overhead.
More information about the ubuntu-users
mailing list