>>> I would like to set up a firewall and network monitoring system using
>>> snort, acid, and postgres as a database. Has anyone had experience using
>>> snort and acid?
>>
>> Yes. I had ACID working with both MySQL and PostgreSQL for snort. I was
>> monitoring 200Mb/s of bandwidth with the poor little box and was recording
>> a few million records a week of bad traffic. Needless to say the databases
>> fared pretty badly when it came time to go through what had been
>> collected. PostgreSQL did better on the handling of data getting added, but
>> MySQL was able to do the selects magnitudes of orders faster (e.g. 60
>> second read for MySQL, 3600 second read for PostgreSQL).
>>
>> Just for fits and giggles, I turned off all the rules and then just enabled
>> the telnet and FTP logger rules. Saw about 30,000 unique user
>> ids/passwords going each way in just a few hours. I deleted the data and
>> reinstituted the normal ruleset, but that was an interesting test of just
>> how easy it is to get that kind of information when the logins are insecure
>> like that.

> Your e-mail is interesting... Could you give me the details on the acid &
> postgres/mysql configuration? How did you take the output from acid and put
> it into the database? Do you have any code you can send me?
>
> The difference in the database selects is amazing! Do you have any output
> from the query analysis tools in postgres and mysql?

I think you are a bit confused. ACID doesn't put the data in the database,
snort does. ACID is for viewing the data that snort stored in the database.
I don't have access to any of the configs, but the docs were very
straightforward in setting up the logging to the databases (both MySQL and
PostgreSQL).

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss