Re: Snort / acidlab and mysql
I think that it is most secure to use an external box to archive IDS data and reports. The firewall boxes normally generate a lot of megabytes of log and are very critical parts of the network, so I think that is the best way to avoid crashes and possible security issues.

It's possible to create a VLAN for this service if you have a switch with this feature, or to create another network segment for services like this.

All these questions are very personal and depend on your network traffic, because if you make some scripts to manage databases and logs/reports you can maintain everything working fine on the same box (mysql, acid, snort and netfilter).

Bye,
M. Genaro

On Mon, 3 Nov 2003, Craig wrote:
> Hi guys
>
> Is it preferable to have snort and acidlab running on a firewall
> machine masquerading a network and logging to an internal server running
> apache-ssl and mysql ? I would like to setup some sort of IDS but also
> have more info on traffic in the internal network ?
>
> Thanks
>
> ..Craig
Re: tracking down i/o sucking process
On 2003-11-03 12:40:58, Dan MacNeil wrote:
>the command:
>
>    top
>
>..is great for CPU & RAM but doesn't do disc...

fuser

--
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
unsubscribe
unsubscribe
Re: ingress shaping?
hi clement & luca,

thanks for your responses. i did include ingress shaping as a module, and it's automagically loaded when i try to use it.

as luca said, the LARTC-howto states we can only 'shape data we transmit', but it was my belief that ingress shaping was there to solve this shortcoming simply just by dropping packets. i've read about working configs on the web (mainly for use with syn-flood protection), though none in a bridge-config. maybe my understanding of ingress is way off.. :-)

regards,
-rodi.

On Mon, 2003-11-03 at 19:21, Clement Hermann wrote:
> R.M. Evers wrote:
>
> >hi everyone,
> >
> >thanx for the tips on my last traffic shaping question. i've managed to
> >get a debian bridge (ebtables / bridge-nf patched 2.4.22 kernel w/
> >newest 'tc') up and running which does firewalling and outgoing shaping.
> >now, i wanted to try the incoming ingress shaping, but i can't get it to
> >work: nothing gets shaped. it seems as if the ingress qdisc just isn't
> >there..
> >
> ...
>
> did you include ingress qdisc support in the kernel ? it's not enabled
> by default. And if you did configure it as a module, did you insert the
> module in the kernel ? (modprobe sch_ingress I guess)
>
> --
> Clément "nodens" Hermann