Re: [Sguil-devel] Patch for using Daemonlogger in log_packets.sh
From: Paul S. <pa...@ut...> - 2007-04-03 18:18:45
--On Tuesday, April 03, 2007 10:38:50 -0400 Richard Bejtlich <tao...@gm...> wrote:

> I decided to look at replacing Snort with Daemonlogger
> (http://www.snort.org/dl/daemonlogger/) in log_packets.sh. The
> attached patch should make the right changes to the latest
> log_packets.sh from CVS.
>
> The only functionality not present in the new Daemonlogger
> log_packets.sh is the ability to enable
>
> -u sguil -g sguil -m 122
>
> because Daemonlogger doesn't drop privileges.
>
> If you're wondering about footprint, on my FreeBSD 6.x system Snort in
> packet logger mode used 3708KB while Daemonlogger used 824KB.
>

Richard, will this be committed now? Or worked into the upcoming 0.7.0
update? (I'm wondering if I need to update the port or hold off until
0.7.0 is released.)

Paul Schmehl (pa...@ut...)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/