[Snort-users] Price for "vanilla Snort" (no bells and whistles)

Martin Roesch roesch at ...1935...
Wed May 8 09:09:23 EDT 2002

On 5/8/02 11:12 AM, "dr.kaos" <dr.kaos at ...4970...> wrote:

> On Tuesday 07 May 2002 05:32 pm, Martin Roesch wrote:
>> For the record, Sourcefire has put no proprietary mods into Snort at
>> this time, the version running on our sensors is the exact same
>> version that you can download for free at snort.org.  That's why the
>> software has been improving so much lately (from a features and
>> stability standpoint), we need it to be there for our commercial
>> users and you get the benefits of that work.  All the proprietary
>> stuff that we do wraps around Snort and interacts with it, but
>> doesn't link directly into it (and therefore doesn't need to be GPL'd
>> itself).
> Yeah, I realized the errors in my thought processes after Sandro
> straightened me out yesterday ;)
> Quick question, tho, for any of you Sourcefire guys and gals:
> If I understand correctly, one of the most sifnificant improvements you
> guys have made is in database logging speed and resulting query
> performance. I think, based on a discussion I had with someone there
> several months back, that the database sw you guys are using is in fact
> proprietary, yes? If so, does it use the existing db output directives?

We don't use the existing DB mechanisms at all, we use our own version of
barnyard (which isn't GPL'd at this time, and who's license is under review
by Andrew and I).  The database is proprietary and available only under an
OEM license from its manufacturer, and it's fast as hell.

The stuff that we put on the Sourcefire boxes is pretty highly optimized to
scale up for large environments (which is our target market) and there isn't
much open source software out there besides the operating systems that
really scales to what we need.  That leaves us with coding it ourselves,
which we have done for many things, or finding high performance quality
software that's proprietary.


Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

More information about the Snort-users mailing list