Snort mailing list archives

Re: Deployment Sizes? was: anyone trying kickfire to improve SQL performance?


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sun, 04 May 2008 09:13:54 +1200

Stewart L wrote:
> Well, I wasn't in charge of the deployment. I handed it off to one of
> the guys on my team to do the research and recommendations.
>
> Part of the problem is that there is no SOLID advice out there on how
> to set up and tweak a lot of this stuff.  We have the O'Reilly books
> and have done some searches, but there is a lot of hand waving and not
> a lot of solid answers.

There are too many variables for there to be a "one size fits all" 
answer. That's why companies like SourceFire exist - they do all that 
background 'thinking' for you and produce a product that 'just works'.

You should check the solution you have actually works. 6-16 100Mbs 
Ethernet monitors on one box is probably too many. Unless you've 
cherry-picked the motherboard, Ethernet cards, etc. And I'm assuming 
they're 100M - if they are Gb - you almost certainly have a problem.



> So, you're saying that if I were to have another machine do the actual
> capture and a separate database machine, I'd be better off in the long
> haul?  That should be pretty easy to set up.

Yup - you won't get all the hard SQL work interfering with the hard 
packet sniffing work. And barnyard of course instead of native SQL support.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

