Re: Network Monitoring

Author: Kevin Brown
Date:  
To: plug-discuss
Subject: Re: Network Monitoring
> I would like to set up a firewall and network monitoring system using snort,
> acid, and postgres as a database. Has anyone had experience using snort and
> acid?


Yes. I had ACID working with both MySQL and PostgreSQL for snort. I was
monitoring 200Mb/s of bandwidth with the poor little box and was recording a few
million records a week of bad traffic. Needless to say the databases fared
pretty badly when it came time to go through what had been collected.
PostgreSQL did better on the handling of data getting added, but MySQL was able
to do the selects orders of magnitude faster (e.g. 60 second read for MySQL,
3600 second read for PostgreSQL).

Just for fits and giggles, I turned off all the rules and then just enabled the
telnet and FTP logger rules. Saw about 30,000 unique user ids/passwords going
each way in just a few hours. I deleted the data and reinstituted the normal
ruleset, but that was an interesting test of just how easy it is to get that
kind of information when the logins are insecure like that.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss