Re: two sniffers on the same eth ifc performance impact?
From: Anton A. Chuvakin (anton@chuvakin.org) Date: 03/27/02
- Previous message: Bill Royds: "RE: A question for user behaviour profile based IDS"
- In reply to: Patrick Andry: "Re: two sniffers on the same eth ifc performance impact?"
- Next in thread: James_T_Matthews@RAYTHEON.COM: "Re: two sniffers on the same eth ifc performance impact?"
Date: Wed, 27 Mar 2002 15:35:47 -0500 (EST)
From: "Anton A. Chuvakin" <anton@chuvakin.org>
To: Patrick Andry <pandry@wolverinefreight.ca>
Patrick and other esteemed members of the IDS list,
>What about just saving the tcpdump to file and piping output to snort.
Yes, but it is not what I need. My specific requirements are as follows:
snort will already be logging to database, tcpdump file and log files
(alerts only) for all IP packets(!). I also need to react in real-time
to some packets (which are not covered by snort rules) and which are
logged in particular format. Ngrep and a perl parser will be used for
that.
Best,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org