Snort Report 7 Posted

My seventh Snort Report on Working with Unified Output has been posted. From the article:

In the last Snort Report we looked at output methods for Snort. These included several ways to write data directly to disk, along with techniques for sending alerts via Syslog and even performing direct database inserts. I recommended not configuring Snort to log directly to a database because Snort is prone to drop packets while performing database inserts. In this edition of the Snort Report I demonstrate how to use unified output, the preferred method for high performance Snort operation.
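As an added illustration (not taken from the Snort Report article itself), the snort.conf fragment below places the database output plugin the article warns against beside the unified output plugins it recommends. Directive syntax is Snort 2.x; the file paths, database host and credentials are placeholders.

```conf
# snort.conf output section (added illustration, not from the Snort Report article).
# Paths, host and credentials are placeholders; adjust for your own sensor.

# Direct database output: Snort blocks on every INSERT, so under load the
# sensor drops packets. Left commented out here as the setting to avoid.
# output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=127.0.0.1

# Unified output: Snort writes binary alert and packet records to a spool
# directory and returns to sniffing immediately. "limit 128" rolls the file
# at 128 MB; Snort appends a timestamp to each spool filename.
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

# Snort 2.8 and later also offer unified2, which combines alert and packet
# records in a single spool file:
# output unified2: filename snort.u2, limit 128

# The slow database work then moves to a separate reader process, so it never
# stalls packet capture. Example Barnyard invocation (assumed file locations):
#   barnyard -c /etc/snort/barnyard.conf -d /var/log/snort -f snort.alert \
#            -w /var/log/snort/barnyard.waldo
```

The waldo file records how far Barnyard has read into the spool, so the reader can be restarted without re-inserting or skipping events; the sensor itself only ever appends to the spool.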

In the next edition I plan to discuss testing Snort.

Comments

Anonymous said…
Great article!

I am very much looking forward to your next installment on testing snort. One of my pet projects of late has been to develop an effective comparison of "on-the-wire" snort output versus the output of "after-the-fact" snort passes against full content data.
