[Snort-users] Snort Analisys platform

Kevin Johnson kjohnson at ...12400...
Sat Nov 27 13:02:07 EST 2004

On Sat, 2004-11-27 at 04:43, mamo wrote:
> Hello Everybody.
> I am working for a company that want to deploy a large infrastructure
> based on Snort for N-IDS. I plan we will have around 20-30 network
> sensor and I think it is possibile they will produce more than 2
> Million Events / Day (they are the number of event present in the
> other commercial IDS platform already present).
> I am confident Snort can work well in this enviroment, but I am
> evaluating software for the event analisys task. I used Acid for some
> times in smaller enviroment, and really like it, but I don't know if
> it can permit user to query events with a db with more than 10 Million
> events.

While ACID/BASE can be used in this size of an environment, it will be
painfully slow and basically unusable.  The BASE team is currently
focusing almost all of our efforts at increasing performance of BASE to
handle installations of this size.  Hopefully the next version will be
the one for you.<g>

Kevin Johnson
BASE Project Lead
The next step in IDS analysis!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20041127/6dd11c9f/attachment.sig>

More information about the Snort-users mailing list