Snort mailing list archives
Re: Snort Analisys platform
From: Kevin Johnson <kjohnson () secureideas net>
Date: Sat, 27 Nov 2004 16:01:09 -0500
On Sat, 2004-11-27 at 04:43, mamo wrote:
> Hello Everybody. I am working for a company that wants to deploy a large infrastructure based on Snort for N-IDS. I plan we will have around 20-30 network sensors and I think it is possible they will produce more than 2 Million Events / Day (this is the number of events present in the other commercial IDS platform already present). I am confident Snort can work well in this environment, but I am evaluating software for the event analysis task. I used Acid for some time in a smaller environment, and really like it, but I don't know if it can permit users to query events with a db with more than 10 Million events.
While ACID/BASE can be used in this size of an environment, it will be painfully slow and basically unusable. The BASE team is currently focusing almost all of our efforts at increasing performance of BASE to handle installations of this size. Hopefully the next version will be the one for you.<g>

Thanks
Kevin Johnson
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!