[Snort-users] Homebrew unified2 processing vs barnyard2

Eoin Miller eoin.miller at ...14586...
Mon Jul 19 15:24:02 EDT 2010


On 7/19/2010 7:14 PM, K D wrote:
> True, I suppose I'm wondering if barnyard2's performance leaves much 
> to be desired in the snort community. I haven't seen any major 
> complaints, and would imagine it's not the source of any major 
> bottlenecks (as opposed to the actual database). I'd be interested to 
> see what the Sguil guys would have to say about their experience and 
> decisions regarding barnyard2 for their project.
>
> Though I plan to stick with PostgreSQL for now, has there been any
> thought or research in NSM events (snort, sancp, etc) being stored in 
> the trendier schema-less databases or a hybrid unified2 flat file and 
> rdbms setup?
>
> \\korodev
>

barnyard2 is going to outperform most everything else just due to the 
language it is written in versus all the python/perl/ruby/whatever. 
There was a duplicate entry bug I found about six months ago, but the 
maintainers fixed it super quick and it runs pretty flawlessly. Actively 
maintained and fast, you can't ask for much more.

-- Eoin



