On Tue, 2002-10-08 at 16:32, [EMAIL PROTECTED] wrote:
> However, the amount of data is silly !!
> 200 MB per HOUR !! This is far too much data to log and store away ?
>
> My question being ....
> Does anyone log ALL IP Headers IN+OUT of their Networks ?
> Should we be doing this ? Is it a good idea to take this approach ?
> Any ideas suggestions would be appreciated.
I only log traffic on ports that have been disallowed by firewall rules and known malformed traffic. And if I have a problem I check it with ethereal or tcpdump .. there is no way one machine can decode 200 MB of traffic/hour (at least not any of the machines I have). But what you could do is to set up your network in different segments and put snort sensors on every segment .. but then you'd probably need to restructure your network a bit.

Best regards
Kim
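To make Kim's "log only what the firewall denies plus known-malformed traffic" policy concrete, here is an added example (my own, not code from the thread) that runs that filter over tcpdump-style header lines. The tcpdump output format is real, but the sample lines, the 10.0.0.0/8 internal prefix, the inbound allow-list of ports 80 and 443, and the function names are all constructed for illustration; a stateful firewall would normally make the same decision, so only bare SYNs to non-allowed ports count as "denied".

```python
"""Selective IP-header logging: keep only headers the firewall would deny
or that look malformed, instead of logging every header on the wire.

Added example, not from the original thread. The internal prefix, the
inbound allow-list and the sample lines below are assumptions."""
import ipaddress
import re
from collections import Counter

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
ALLOWED_INBOUND_PORTS = {80, 443}                    # assumed firewall policy

# Constructed sample lines in the shape "tcpdump -n" prints for IPv4/TCP.
SAMPLE_LINES = [
    "16:32:01.100 IP 10.0.0.5.34512 > 203.0.113.7.80: Flags [S], seq 1, win 65535, length 0",
    "16:32:01.200 IP 203.0.113.7.80 > 10.0.0.5.34512: Flags [S.], seq 2, ack 2, win 29200, length 0",
    "16:32:02.300 IP 198.51.100.9.44123 > 10.0.0.5.23: Flags [S], seq 3, win 1024, length 0",
    "16:32:02.400 IP 198.51.100.9.44124 > 10.0.0.5.22: Flags [S], seq 4, win 1024, length 0",
    "16:32:03.500 IP 198.51.100.9.44125 > 10.0.0.5.443: Flags [SF], seq 5, win 1024, length 0",
    "16:32:03.600 IP 198.51.100.9.44126 > 10.0.0.5.443: Flags [FPU], seq 6, win 1024, length 0",
    "16:32:03.700 IP 198.51.100.9.44127 > 10.0.0.5.80: Flags [none], seq 7, win 1024, length 0",
    "16:32:04.700 IP 10.0.0.5.34513 > 203.0.113.7.443: Flags [P.], seq 8, ack 1, win 65535, length 120",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_header(line):
    """Return addresses, ports and the TCP flag set of one line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    flags = set() if m["flags"] == "none" else set(m["flags"])
    return {
        "ts": m["ts"],
        "src": ipaddress.ip_address(m["src"]), "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"]),
        "flags": flags,
    }


def is_malformed(flags):
    """Flag combinations a normal TCP stack never sends: SYN+FIN, Xmas (FIN/PSH/URG), null."""
    return {"S", "F"} <= flags or flags == {"F", "P", "U"} or not flags


def classify(hdr):
    """Reason to keep this header, or None when it is ordinary permitted traffic."""
    if is_malformed(hdr["flags"]):
        return "malformed"
    # A fresh inbound connection attempt (bare SYN) to a port the firewall does not allow.
    if (hdr["flags"] == {"S"} and hdr["dst"] in INTERNAL_NET
            and hdr["dport"] not in ALLOWED_INBOUND_PORTS):
        return "denied-port"
    return None


def filter_log(lines):
    """Return [(reason, line)] for the headers worth storing."""
    kept = []
    for line in lines:
        hdr = parse_header(line)
        if hdr is None:
            kept.append(("unparsed", line))  # never silently drop what we cannot parse
            continue
        reason = classify(hdr)
        if reason:
            kept.append((reason, line))
    return kept


def summarize(lines):
    """Number of kept headers per reason."""
    return dict(Counter(reason for reason, _ in filter_log(lines)))


def retained_fraction(lines):
    """Share of the input that survives the filter (the storage saving is 1 minus this)."""
    return len(filter_log(lines)) / len(lines) if lines else 0.0


if __name__ == "__main__":
    for reason, line in filter_log(SAMPLE_LINES):
        print(f"{reason:12s} {line}")
    print(summarize(SAMPLE_LINES), f"retained {retained_fraction(SAMPLE_LINES):.0%}")
```

On the sample, the two outbound packets and the SYN/ACK reply are dropped, the SYNs to ports 23 and 22 and the three scan-style flag combinations are kept, so 5 of 8 headers survive; on real traffic, where almost everything is permitted, the retained fraction is what turns 200 MB/hour into something one box can decode.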
