
List:       security-onion
Subject:    Re: [security-onion] (again) Alert suppression not working
From:       Doug Burks <doug.burks () gmail ! com>
Date:       2015-05-23 11:55:10
Message-ID: CAK8kjrAzdadd0uZ0bF4_eSni0-q7UXT-PmQzJ=Zc+rhOZ89DCQ () mail ! gmail ! com

Replies inline.

On Fri, May 22, 2015 at 11:15 AM, Eric Dexter <eric@dexterfamily.net> wrote:
> Awesome! That was totally it Doug!
> 
> As a follow-up, so that I understand this a bit more:
> 
> From what I can tell, those are the unified2 alerts from each snort daemon.
> Barnyard2 parses the files, and inserts the data into the database on the server.
> Meanwhile, it's keeping track of what it's done with waldo files (bookmarks). Does
> barnyard2 also delete the files after it's done processing them?

No, barnyard2 leaves the unified2 files on disk.  There is a separate
purge process which will purge those old unified2 files once your disk
hits CRIT_DISK_USAGE, which is defined in /etc/nsm/securityonion.conf
and defaults to 90%.

> Thank you for your help! Awesome project. It's been a great resource for us. We're
> fairly early in our implementation, but the information we've been able to learn
> from it has been jaw dropping. The hardest part we've had has been properly scaling
> the hardware to the workload. There are so many variables in the build that it
> takes a bit to understand what affects what.

Please consider attending our training classes as we cover scaling and
tuning issues.


-- 
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

-- 
You received this message because you are subscribed to the Google Groups
"security-onion" group. To unsubscribe from this group and stop receiving emails from
it, send an email to security-onion+unsubscribe@googlegroups.com. To post to this
group, send email to security-onion@googlegroups.com. Visit this group at
http://groups.google.com/group/security-onion. For more options, visit
https://groups.google.com/d/optout.
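The purge behaviour Doug describes above, as an added shell example that is not Security Onion's own purge code: it reads CRIT_DISK_USAGE from a securityonion.conf-style file (falling back to the 90% default), compares it with the used percentage of the filesystem holding the sensor data, and lists unified2 files oldest-first as a dry run so an operator can see what a purge would remove first. The file prefix snort.unified2.* and the config path are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example (not Security Onion's purge script). Assumes a KEY=VALUE config
# file like /etc/nsm/securityonion.conf and unified2 files named snort.unified2.*

# Read CRIT_DISK_USAGE from a config file; default to 90 if absent or unreadable.
crit_disk_usage() {
  conf="$1"
  val=$(sed -n 's/^CRIT_DISK_USAGE=\([0-9]*\).*/\1/p' "$conf" 2>/dev/null | tail -n1)
  echo "${val:-90}"
}

# Used percentage (integer, no '%') of the filesystem that holds the given path.
disk_used_pct() {
  df -P "$1" | awk 'NR==2 { sub("%", "", $5); print $5 }'
}

# Unified2 files in a sensor directory, oldest modification time first,
# which is the order a purge would remove them in.
list_unified2_oldest_first() {
  ls -1tr "$1"/snort.unified2.* 2>/dev/null
}

# "purge" when used percentage has reached the threshold, otherwise "ok".
purge_decision() {
  used="$1"; crit="$2"
  if [ "$used" -ge "$crit" ]; then echo purge; else echo ok; fi
}

# Dry-run report: threshold, current usage, and what would go first.
report() {
  conf="$1"; dir="$2"
  crit=$(crit_disk_usage "$conf")
  used=$(disk_used_pct "$dir")
  echo "CRIT_DISK_USAGE=$crit used=$used decision=$(purge_decision "$used" "$crit")"
  echo "oldest unified2 files (purged first):"
  list_unified2_oldest_first "$dir" | head -n 5
}
```

Run `report /etc/nsm/securityonion.conf /nsm/sensor_data/<sensor>/snort-1` on a sensor to see the threshold, current usage and the files a purge would take first; nothing is deleted.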


