Educause Security Discussion mailing list archives
Re: Snort IDS Frontends
From: "Crawford, Charles D" <ccrawf () KU EDU>
Date: Fri, 11 Jul 2003 14:38:03 -0500
Hi Gerry,

Thanks for the reply. About how many records do you usually have in your DB?

-----Original Message-----
From: Gerry Sneeringer [mailto:sneeri () UMD EDU]
Sent: Friday, July 11, 2003 2:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Snort IDS Frontends

My experience at Maryland mirrors Tim's. We haven't played with SnortCenter yet, but do utilize Snort w/ MySQL and ACID. In our case, it's running on FreeBSD 5.1. We have the SQL/Web server running on a dual-Xeon box with 1/2GB of memory. We're religious about clearing alerts out of the database before they build up and avoid excessively chatty signatures. We've been very happy with the performance, the flexibility, and the price!

-Gerry

On Thu, 10 Jul 2003, Timothy Wright wrote:
At Notre Dame, last year we undertook a thorough examination of what were some of the top commercial brands in the NIDS business. In the end, we found that the best fit was Snort/MySQL/ACID/SnortCenter. After having our IDS in production for a short while, I can report that sizing the various system components correctly should yield smooth results. ... I would have to say that I'm pleased with the results (and cost savings!!). Although the hardware we obtained for our NIDS wasn't cheap, we still spent far, far less than an equivalent commercial solution.

----- Original Message -----
From: "Crawford, Charles D" <ccrawf () KU EDU>

ACID would be great if it weren't so slow. (Free is appealing, but doesn't seem scalable; we had over 500,000 records in our database and it took over 2 minutes a whack on the mouse to get anything back)
---
Gerry Sneeringer, CISSP
IT Security Officer
University of Maryland
Office of Information Technology

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.