[Snort-users] CVS or 1.7?

Andreas Hasenack andreas at ...1574...
Mon Jun 11 13:41:23 EDT 2001


On Mon, Jun 11, 2001 at 10:51:39AM -0400, Jay Moore wrote:
> I have been playing around with snort 1.7 and acid. The box I have been
> playing with died. Which is not necessarily a bad thing. Gives me a chance
> to go back and set up everything the right way now that I have learned more
> about snort. The box will sit behind a firewall. I would like to know if I
> should run with the latest CVS build of snort. Or stay with 1.7. I don't
> mind downloading CVS builds. I will be logging to mysql and running acid.
> What features are in 1.8cvs that are not in 1.7? Are the features worth it

I think, since you will be using ACID and SQL, that the best new feature is
the database schema, which should make the acid reports much faster and upgrades
easier.
I had a database with about 33000 alerts and snort 1.7 (that is, schema=0),
and the distinct query for the current day took about 30s. But I don't have the
numbers on the new schema yet, should take a month or two to fill the new
database to the same number of alerts...

I'm also using acid from CVS, and it's really good and fixes some bugs in
the released versions.




