Re: Homebrew unified2 processing vs barnyard2

[beenph <beenph () gmail com>]

On Mon, Jul 19, 2010 at 3:14 PM, K D <korodev () gmail com> wrote:
> True, I suppose I'm wondering if barnyard2's performance leaves much to be
> desired in the snort community. I haven't seen any major complaints, and
> would imagine it's not the source of any major bottlenecks (as opposed to
> the actual database). I'd be interested to see what the Sguil guys would
> have to say about their experience and decisions regarding barnyard2 for
> their project.

I Can't talk for sguil guys, but as of PostgreSQL being a monster it self
there is a few things you have to consider.

1. The hardware hosting the database
2a. The schema your using (acid might not be your best friend)
2b. The amount of data your processing
3a. The kind of index you have
3b. The type query you make to your database
4. The way you archive your data.

PostgreSQL evolved alot from 7.x to 8.ishes, thus alot of the manual
tunning are gone, eventho there is still a few things that
can influence its performance, the way you store and query the dats
would be the true bottleneck.

> Though I plan to stick with Postgresql for now, has there been any thought
> or research in NSM events (snort, sancp, etc) being stored in the trendier
> schema-less databases or a hybrid unified2 flat file and rdbms setup?
> \\korodev


-elz

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users