Educause Security Discussion mailing list archives

Re: Snort IDS Frontends


From: Gerry Sneeringer <sneeri () UMD EDU>
Date: Fri, 11 Jul 2003 15:20:45 -0400

My experience at Maryland mirrors Tim's.  We haven't played with
SnortCenter yet, but do utilize Snort w/ MySQL and ACID.  In our
case, it's running on FreeBSD 5.1.

We have the SQL/Web server running on a dual-Xeon box with 1/2GB
of memory.  We're religious about clearing alerts out of the
database before they build up and avoid excessively chatty
signatures.  We've been very happy with the performance, the
flexibility, and the price!

-Gerry

On Thu, 10 Jul 2003, Timothy Wright wrote:
At Notre Dame, last year we undertook a thorough examination of
what were some of the top commercial brands in the NIDS
business.  In the end, we found that the best fit was
Snort/MySQL/ACID/SnortCenter.  After having our IDS in
production for a short while, I can report that sizing the
various system components correctly should yield smooth results.
...
I would have to say that I'm pleased with the results (and cost
savings!!). Although the hardware we obtained for our NIDS
wasn't cheap, we still spent far, far less than an equivalent
commercial solution.
----- Original Message -----
From: "Crawford, Charles D" <ccrawf () KU EDU>
ACID would be great if it weren't so slow. (Free is appealing,
but doesn't seem scalable, we had over 500,000 records in our
database and it took over 2 minutes a whack on the mouse to get
anything back)

---
Gerry Sneeringer, CISSP
IT Security Officer
University of Maryland
Office of Information Technology

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.
