[Snort-users] Snort Analysis platform

Patrick Marquetecken patrick.marquetecken at ...1187...
Sun Nov 28 06:38:15 EST 2004


I'm using OpenAanval and SnortReport, my MySQL database is about 1.6GB after two weeks and everything goes quite fast.

Patrick

On Sun, 28 Nov 2004 13:50:45 +0900
"Basselgia, Barry A Mr (NAF Atsugi)" <BABasselgia at ...12104...> wrote:

> Have you looked at Open Aanval (www.aanval.com)?  I use Open Aanval and ACID
> together, I find myself switching back and forth depending on what I'm
> looking at/for.  
> 
> I've found the response time from Open Aanval stays pretty much the same
> even as the alerts database grows, unlike ACID, which seems to slow down a
> lot when the database gets large.
> 
> Barry
> 
> 
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of mamo
> Sent: Saturday, November 27, 2004 6:44 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort Analisys platform
> 
> 
> Hello Everybody.
> 
> I am working for a company that wants to deploy a large infrastructure
> based on Snort for N-IDS. I plan we will have around 20-30 network
> sensors and I think it is possible they will produce more than 2
> Million Events / Day (that is the number of events present in the
> other commercial IDS platform already in place).
> 
> I am confident Snort can work well in this environment, but I am
> evaluating software for the event analysis task. I used ACID for some
> time in a smaller environment, and really like it, but I don't know if
> it can let users query events in a db with more than 10 Million
> events.
> 
> The platform should have strong possibilities to see events from
> different points of view (source IP, Dest IP, Event Name, Network
> Sensor Name, etc) and drill down to better analyze. This approach is
> the only one I have found that permits analyzing so many events.
> 
> Do you have any experience to share on software
> (commercial/opensource) that can permit Snort event analysis for an
> environment with so many events?
> 
> Best Regards,
>                      Max
> 
> PS
> Sorry for my poor English
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now. 
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 


-- 
"Captain, are you aware there's a Klingon on your bridge?"
 -- Dukat (The Way of the Warrior)

Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B
ICQ# 316932703 
Registered Linux User #44550
http://counter.li.org
