Fast Logging Project for Snort 1.6.0
Fast Logging Project for Snort 1.6.0 Ranking & Summary
File size:
0.68 MB
Platform:
Any Platform
License:
GPL (GNU General Public License)
Price:
Downloads:
1237
Date added:
2006-06-06
Publisher:
DG
Fast Logging Project for Snort 1.6.0 description
Fast Logging Project for Snort is designed to gather alerts with payload from distributed snort sensors on a central server and to store them in a database (MySQL and PostgreSQL are supported).
On the sensor, the output is written to a process called sockserv. This process is threaded; one thread receives and buffers the alert packets, and the other thread forwards them to a central server.
The output is decoupled from snort, which can keep sniffing instead of blocking in its output plugins. At the central server, a process called servsock gathers all alerts from the remote sensors and feeds them to the database.
A short description of alerts with high priority together with the database ID can be sent via email to a list of recipients.
Main features:
- Decoupling of the output from snort. Snort can work on new packets instead of processing the output.
- Buffering of alerts on the sensor. This is useful when the network link to the central server is down or congested, or when the servsock process on the central server is not running (for example because it is being restarted after an upgrade to a newer version).
- Buffering of alerts on the central server. It is not uncommon for the database (especially MySQL) to stall under a high input rate, or for alerts to arrive faster than the database can store them.
- Fast writing to the database via a Unix domain socket.
- E-Mail alerting on high priority alerts.
- Drop feature for the worst case. At least the basic alert information is still available, either via e-mail or on stdout/syslog.
- Since version 1.0.6, alerts that would otherwise be dropped on the central server when servsock exits are written to a swap file, so this data is still available.
- Alerts that have to be dropped because the high water mark was reached are not written to the swap file.
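The sensor-side behaviour described above (a bounded local queue, a forwarder that stops when the central server is unreachable, overflow alerts dropped down to a one-line summary, and the still-queued alerts swapped to a file at exit and re-read at start) as an added Python illustration. This is not FLoP's own code (FLoP is written in C); the class, the JSON swap-file format and the sample alerts are assumptions made here. In FLoP the receive and forward sides run in two threads; here they are two methods called in sequence so the result is deterministic.

```python
"""Sensor-side alert buffer modelled on the behaviour the page attributes to
sockserv: alerts are queued locally, a high water mark bounds the queue,
overflow alerts are dropped (keeping only a one-line summary), and whatever is
still queued at exit is written to a swap file so it survives a restart.

Added illustration in Python; FLoP itself is written in C and none of these
names are FLoP's own.
"""
import json
import os
import tempfile
from collections import deque
from typing import Callable, Deque, Dict, List, Optional


class AlertBuffer:
    def __init__(self, high_water_mark: int) -> None:
        self.high_water_mark = high_water_mark
        self.queue: Deque[Dict] = deque()
        self.dropped: List[str] = []  # summaries of alerts lost to overflow

    @staticmethod
    def summary(alert: Dict) -> str:
        # The "basic alert information" that still reaches stdout/syslog or
        # e-mail when the full alert (with payload) has to be dropped.
        return "%s %s -> %s sid=%d" % (alert["ts"], alert["src"], alert["dst"], alert["sid"])

    def enqueue(self, alert: Dict) -> bool:
        """Receiver side: buffer an alert, or drop it once the mark is reached."""
        if len(self.queue) >= self.high_water_mark:
            self.dropped.append(self.summary(alert))
            return False
        self.queue.append(alert)
        return True

    def drain(self, send: Callable[[Dict], None]) -> int:
        """Forwarder side: send in order; on failure keep the alert at the
        head of the queue so nothing is lost while servsock is down."""
        sent = 0
        while self.queue:
            try:
                send(self.queue[0])
            except OSError:
                break
            self.queue.popleft()
            sent += 1
        return sent

    def swap_out(self, path: str) -> int:
        """At exit, write the still-buffered alerts (never the dropped ones),
        one JSON object per line."""
        with open(path, "w") as fh:
            for alert in self.queue:
                fh.write(json.dumps(alert) + "\n")
        count = len(self.queue)
        self.queue.clear()
        return count

    def swap_in(self, path: str) -> int:
        """At start, re-queue alerts from a previous swap file, then remove it."""
        if not os.path.exists(path):
            return 0
        restored = 0
        with open(path) as fh:
            for line in fh:
                if self.enqueue(json.loads(line)):
                    restored += 1
        os.unlink(path)
        return restored


def run_demo(swap_path: Optional[str] = None) -> Dict[str, object]:
    """Feed six constructed alerts through a buffer with a high water mark of
    four, with a forwarder that fails after its first successful send."""
    if swap_path is None:
        swap_path = os.path.join(tempfile.mkdtemp(), "sockserv.swap")
    buf = AlertBuffer(high_water_mark=4)
    alerts = [  # constructed sample data, not real Snort output
        {"ts": "2006-06-06T12:00:%02d" % i, "src": "10.0.0.%d" % (i + 1),
         "dst": "10.0.1.1", "sid": 1000 + (i % 2), "payload": "QUFBQQ=="}
        for i in range(6)
    ]
    accepted = sum(buf.enqueue(a) for a in alerts)  # 4 queued, 2 dropped

    sends = {"n": 0}

    def flaky_send(alert: Dict) -> None:
        sends["n"] += 1
        if sends["n"] > 1:
            raise OSError("servsock unreachable")

    sent = buf.drain(flaky_send)                # 1 forwarded, 3 stay queued
    swapped = buf.swap_out(swap_path)           # exit while servsock is down
    fresh = AlertBuffer(high_water_mark=4)
    restored = fresh.swap_in(swap_path)         # restart picks them up again
    return {
        "accepted": accepted, "dropped": len(buf.dropped), "sent": sent,
        "swapped": swapped, "restored": restored,
        "swap_file_removed": not os.path.exists(swap_path),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point to check in a deployment is the one the feature list makes: only alerts still in the queue reach the swap file, so anything dropped at the high water mark is gone except for its summary, and the mark therefore has to be sized for the longest outage you expect of the central server.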
Enhancements:
- Several checks were added, the alert data from Snort is now tagged, and a restart of Snort is now checked for.
- getpacket now supports base64.
- The statistics are now generated by the control thread, so some signals are no longer necessary.
- The exit handler was rewritten and a signature cache was added.
- This cache can raise the insert rate by up to a factor of two and is implemented as a red-black tree.
- At runtime the only SELECT statement is the lookup of the signature ID; all other operations are INSERT statements.
- The idea is to cache every signature that has caused an alert.
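The signature cache described above as an added Python illustration against an in-memory SQLite database: a signature name is looked up with a SELECT at most once, its ID is cached, and from then on every alert for that signature costs only an INSERT. This is not FLoP's code (FLoP is C and targets MySQL/PostgreSQL); the schema, class and sample alerts are assumptions made here, and a dict stands in for FLoP's red-black tree. The statement counter exists only to make the SELECT-once property checkable.

```python
"""servsock-style database writer with a signature cache, after the page's
description: the only SELECT at runtime looks up a signature ID, everything
else is an INSERT, and each signature is SELECTed at most once because its ID
is cached afterwards. The cache is a dict here; FLoP uses a red-black tree.

Added illustration in Python on the standard sqlite3 module; FLoP is written
in C for MySQL/PostgreSQL, and the schema and names below are assumptions.
"""
import sqlite3
from typing import Dict, Tuple

SCHEMA = """
CREATE TABLE signature (
    sig_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    sig_name TEXT NOT NULL UNIQUE
);
CREATE TABLE event (
    cid     INTEGER PRIMARY KEY AUTOINCREMENT,
    sig_id  INTEGER NOT NULL REFERENCES signature(sig_id),
    ts      TEXT NOT NULL,
    src     TEXT NOT NULL,
    dst     TEXT NOT NULL,
    payload BLOB
);
"""


class CachingAlertWriter:
    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        self.conn.executescript(SCHEMA)
        self.sig_cache: Dict[str, int] = {}   # signature name -> sig_id
        self.stmt_counts = {"SELECT": 0, "INSERT": 0}

    def _exec(self, sql: str, params: Tuple = ()) -> sqlite3.Cursor:
        # Count statement kinds so the SELECT-once property can be checked.
        # Parameters are always bound: signature names come from rules and
        # payloads from attacker-controlled packets, so never format them in.
        self.stmt_counts[sql.split(None, 1)[0].upper()] += 1
        return self.conn.execute(sql, params)

    def signature_id(self, name: str) -> int:
        sid = self.sig_cache.get(name)
        if sid is not None:
            return sid                        # cache hit: no SQL at all
        row = self._exec("SELECT sig_id FROM signature WHERE sig_name = ?",
                         (name,)).fetchone()
        if row is None:                       # first sighting: create the row
            sid = self._exec("INSERT INTO signature (sig_name) VALUES (?)",
                             (name,)).lastrowid
        else:
            sid = row[0]
        self.sig_cache[name] = sid
        return sid

    def insert_alert(self, alert: Dict) -> int:
        """Store one alert; returns the event's database ID (the ID that a
        high-priority e-mail notification would carry)."""
        sid = self.signature_id(alert["sig_name"])
        cur = self._exec(
            "INSERT INTO event (sig_id, ts, src, dst, payload) VALUES (?, ?, ?, ?, ?)",
            (sid, alert["ts"], alert["src"], alert["dst"], alert["payload"]),
        )
        return cur.lastrowid


def run_demo() -> Dict[str, int]:
    """Write six constructed alerts for two signatures and report how many
    statements of each kind were needed."""
    writer = CachingAlertWriter(sqlite3.connect(":memory:"))
    names = ["WEB-MISC /etc/passwd", "SCAN nmap XMAS"]
    # Constructed sample alerts; the first payload carries a quote and '--'
    # to show that bound parameters store it untouched.
    alerts = [
        {"sig_name": names[i % 2], "ts": "2006-06-06T12:00:%02d" % i,
         "src": "10.0.0.%d" % (i + 1), "dst": "10.0.1.1",
         "payload": b"GET /../../etc/passwd' -- HTTP/1.0\r\n" if i == 0 else b"\x00" * 4}
        for i in range(6)
    ]
    last_cid = 0
    for a in alerts:
        last_cid = writer.insert_alert(a)
    (events,) = writer.conn.execute("SELECT COUNT(*) FROM event").fetchone()
    (sigs,) = writer.conn.execute("SELECT COUNT(*) FROM signature").fetchone()
    return {"select_count": writer.stmt_counts["SELECT"],
            "insert_count": writer.stmt_counts["INSERT"],
            "events": events, "signatures": sigs, "last_cid": last_cid}


if __name__ == "__main__":
    print(run_demo())
```

Two SELECTs and eight INSERTs for six alerts: each distinct signature is looked up once and inserted once, and the six event rows are pure INSERTs. The cache only holds what the enhancements list says it holds, signatures that have actually caused an alert, so it stays small even against a large rule set.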