Snort mailing list archives
Re: Homebrew unified2 processing vs barnyard2
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Tue, 20 Jul 2010 14:48:25 +1200
On 07/20/2010 07:14 AM, K D wrote:
> True, I suppose I'm wondering if barnyard2's performance leaves much to be desired in the snort community.
Aren't you dwelling on the wrong thing here? Snort has to look at truckloads of network traffic, and records to file the events it thinks are interesting, i.e. the file is empty most of the time (people alerting >1 per sec are out of scope for this discussion ;-). Then barnyard monitors that file and creates SQL, syslog, etc. events based on what it finds.

Almost all the overhead/bottlenecks in a snort NIDS are on the collection and presentation (e.g. base) ends. Barnyard overhead is a mere blip in comparison.

What we are all seeing is that *SQL is a slow backend to use as a frontend. Solving that is hard(ware) - or just move to Sourcefire's commercial solution - which doesn't use SQL ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1