Re: Snort/Barnyard2 performance with remote DB

[beenph <beenph () gmail com>]

On Wed, Feb 29, 2012 at 9:23 PM, Jason Haar <Jason_Haar () trimble com> wrote:
> On 01/03/12 14:47, beenph wrote:
> > As i said before the REAL issue with the "old" plugin was the
> > incredible amount of time it was quering the DB for 1 event, this
> > dramatically reduced kind of fix the problem of using it over a high
> > latency network, unless you use barnyard2 in combinaison with a
> > special snort ruleset that would generate 2mb of data every second and
> > you try to force that data arround the world over a 128k/s link, then
> > you might have other issue.
>
> So you're saying that as long as you don't expect stooopid levels of
> alerts, running multiple barnyard2's over a WAN back to a single SQL
> server should be fine?
>
> I just might have to try out your latest version ;-)

Yup.
The schema have its known issue but the plugin is production stuff in
its new form.

-elz

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!