Re: Horsepower

[James Hoagland <jim () SiliconDefense com>]

At 7:50 AM -0800 2/19/03, Snow Jacob C KPWA wrote:
> Curious as to which would need more horsepower in a multiple sensor 
> -> central DB configuration?  My guess would be the central DB since 
> the others are just kind of dumb sensors feeding the info to the 
> central DB, but thought I would pose the question to the group.

Jacob,

Quite likely the central DB.  I speculate that it might go the other 
way only if most of the following are strongly true:
  1) the sensors are tuned to produce very few alerts
  2) there aren't that many sensors
  3) the traffic monitored by the sensors is high
  4) there isn't much query type interaction with the central database

Hope this helps,

  Jim
--
|*     Jim Hoagland, Associate Researcher, Silicon Defense     *|
|*    --- Silicon Defense: The Cyberwar Defense Company ---    *|
|*   jim () SiliconDefense com, http://www.silicondefense.com/    *|
|*  Voice: (530) 756-7317                 Fax: (530) 756-7297  *|


-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users