Hosting Provided By

[Snort-devel] Announce: FLoP-1.2.0

From: Dirk Geschke <dirk(at)geschke-online.de>
Date: Wed Mar 31 2004 - 17:05:12 EST

maybe someone is interested in the new release of FLoP, the Fast Logging Project for snort.

With FLoP alerts generated via snort are written to a unix domain socket, there a threaded process reads these alerts, buffers them in memory if necessary and forwards them to a central server.

On the central server another threaded process gathers these alerts, buffers them in memory if necessary and stores them via an unix domain socket to either a MySQL or PostgreSQL database.

The major changes between version 1.0 and 1.2 are:

+ A handshake mechanism is added between the remote
sensors and the central server.

+ If the database is not available any connection
from a remote sensor is temporarily refused.

+ If the databas dies during inserts all connections
to remote sensors are canceled, the buffere alerts are written to a sensor based swap file.

Do you need help?

+ If the database is available again and a remote
sensor reconnects we first check for the presence of a swap file for this sensor. If such a file is there we first read in these alerts from the file and then accept connections from the sensor. This way the possible lost of information should be minimized.

+ The database scheme as used by ACID can be extended
by a few columns. In these columns additional packet informations can be stored. With these additional data and the program "getpacket" the full pcap file can be reconstructed which is capable to be analyzed with tcpdump or ethereal.

All this and additional information can be found at:

http://www.geschke-online.de/FLoP

Best regards

Dirk Geschke

This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Wed Mar 31 17:35:00 2004

This message: [ Message body ]
Next message: Piotr Kowalczyk: "[Snort-devel] plugin idea"
Previous message: Jeremy Hewlett: "[Snort-devel] Snort 2.1.2 released!"
Next in thread: AJ Butcher, Information Systems and Computing: "[Snort-devel] Re: [Snort-users] Announce: FLoP-1.2.0"
Reply: AJ Butcher, Information Systems and Computing: "[Snort-devel] Re: [Snort-users] Announce: FLoP-1.2.0"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT