[Snort-users] Homebrew unified2 processing vs barnyard2
eoin.miller at ...14586...
Mon Jul 19 15:24:02 EDT 2010
On 7/19/2010 7:14 PM, K D wrote:
> True, I suppose I'm wondering if barnyard2's performance leaves much
> to be desired in the snort community. I haven't seen any major
> complaints, and would imagine it's not the source of any major
> bottlenecks (as opposed to the actual database). I'd be interested to
> see what the Sguil guys would have to say about their experience and
> decisions regarding barnyard2 for their project.
> Though I plan to stick with PostgreSQL for now, has there been any
> thought or research in NSM events (snort, sancp, etc) being stored in
> the trendier schema-less databases or a hybrid unified2 flat file and
> rdbms setup?
barnyard2 is going to outperform most everything else just due to the
language it is written in versus all the python/perl/ruby/whatever.
There was a duplicate entry bug I found about six months ago, but the
maintainers fixed it super quick and it runs pretty flawlessly. Actively
maintained and fast, you can't ask for much more.