[Snort-users] Snort Analisys platform
kjohnson at ...12400...
Sat Nov 27 13:02:07 EST 2004
On Sat, 2004-11-27 at 04:43, mamo wrote:
> Hello Everybody.
> I am working for a company that want to deploy a large infrastructure
> based on Snort for N-IDS. I plan we will have around 20-30 network
> sensor and I think it is possibile they will produce more than 2
> Million Events / Day (they are the number of event present in the
> other commercial IDS platform already present).
> I am confident Snort can work well in this enviroment, but I am
> evaluating software for the event analisys task. I used Acid for some
> times in smaller enviroment, and really like it, but I don't know if
> it can permit user to query events with a db with more than 10 Million
While ACID/BASE can be used in this size of an environment, it will be
painfully slow and basically unusable. The BASE team is currently
focusing almost all of our efforts at increasing performance of BASE to
handle installations of this size. Hopefully the next version will be
the one for you.<g>
BASE Project Lead
The next step in IDS analysis!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-users