Snort mailing list archives

Re: Snort/Barnyard2 performance with remote DB


From: Jason Haar <Jason_Haar () trimble com>
Date: Thu, 01 Mar 2012 15:23:48 +1300

On 01/03/12 14:47, beenph wrote:
> As I said before, the REAL issue with the "old" plugin was the
> incredible amount of time it was querying the DB for 1 event; this,
> dramatically reduced, kind of fixes the problem of using it over a high
> latency network, unless you use barnyard2 in combination with a
> special snort ruleset that would generate 2mb of data every second and
> you try to force that data around the world over a 128k/s link, then
> you might have other issues.

So you're saying that as long as you don't expect stooopid levels of
alerts, running multiple barnyard2's over a WAN back to a single SQL
server should be fine?

I just might have to try out your latest version ;-)

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

