[Snort-users] ACID alternatives

Jeff Schmidt (CACL Tech Asst) schmidje at ...11869...
Thu Aug 12 12:28:10 EDT 2004


Sorry if this is a FAQ, but, can anyone suggest alternatives to ACID for 
analysis of SNORT data? I have a couple problems with ACID. The first 
being scalability. In our deployment of SNORT we seem to pick up 
10k-20k alerts per week. ACID absolutely *crawls* when working on such a 
dataset. Granted, we've got it running on an old low-end box, so I 
recognize that is certainly part of the problem, but ACID just doesn't 
seem to cut it. Also, it appears that ACID is dead. It never reached 1.0 
status, and in fact the last release of ACID was almost 2 years ago.

So, are there any active, open-source projects that are developing 
something similar to ACID but that might, perhaps, be a better 
alternative to ACID?

Jeff Schmidt