We use Daemonlogger as our pcap logger of choice with the Sguil implementation, managed by the securixlive NSMnow project's management scripts. The NSMnow scripts were stopping and restarting the packet capture every 15 minutes, which causes a great deal of problems when you are trying to investigate and are missing portions of TCP streams. So we swapped [...]
I am pontificating upon the problem of doing IDS on high speed (10 gigabit or greater) networks without massive amounts of traffic being missed by the IDS due to the bottleneck of a single core being used for analysis. More specifically, a single stream of traffic can only be analyzed by a single process that [...]
If you need “Industrial Strength” IDS and network forensics capabilities, you are going to need to get you some disk space.
That is what 120TB looks like. The other 120TB will be sitting somewhere else.
Sometimes developers make the darndest errors/comments. Take these from Daemonlogger.
    perror("Unable to stat partition!\n");
    fatal("EPIC FAIL!");
    …
    else
    {
        fatal("Lurene sez ur fucked\n");
    }