Snort mailing list archives

Re: Snort Analisys platform

From: Kevin Johnson <kjohnson () secureideas net>
Date: Sat, 27 Nov 2004 16:01:09 -0500

On Sat, 2004-11-27 at 04:43, mamo wrote:

Hello Everybody.

I am working for a company that want to deploy a large infrastructure
based on Snort for N-IDS. I plan we will have around 20-30 network
sensor and I think it is possibile they will produce more than 2
Million Events / Day (they are the number of event present in the
other commercial IDS platform already present).

I am confident Snort can work well in this enviroment, but I am
evaluating software for the event analisys task. I used Acid for some
times in smaller enviroment, and really like it, but I don't know if
it can permit user to query events with a db with more than 10 Million
events.


While ACID/BASE can be used in this size of an environment, it will be
painfully slow and basically unusable.  The BASE team is currently
focusing almost all of our efforts at increasing performance of BASE to
handle installations of this size.  Hopefully the next version will be
the one for you.<g>

Thanks
Kevin Johnson
-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Snort Analisys platform mamo (Nov 27)
- Re: Snort Analisys platform Kevin Johnson (Nov 27)
- Re: Snort Analisys platform Andreas Östling (Nov 28)
  - Re: Snort Analisys platform Sam Evans (Nov 28)
- <Possible follow-ups>
- RE: Snort Analisys platform Harper, Patrick (Nov 28)
- Snort Analisys platform max (Nov 29)
  - Re: Snort Analisys platform Michael Boman (Nov 30)