Re: [Snort-inline-users] DoS possible with stick attack

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Will wrote:

> Yeah, we could used unified logging, the only problem is that you need
> something to deal with binary unified logging format such as barnyard.

Well, yes, but you need "something" to deal with 32000 files. Are you
really monitoring your inline's activities purely by reading text log
files? Presumably once you get into the tens/hundreds of thousands of
alerts created by an adversary, just reading the text files is pointless
anyway.
What, exactly, do you want plaintext logs for?

- Raz