[Snort-users] Snort/Barnyard2 performance with remote DB

Jason Haar Jason_Haar at ...15306...
Wed Feb 29 21:23:48 EST 2012


On 01/03/12 14:47, beenph wrote:
> As i said before the REAL issue with the "old" plugin was the
> incredible amount of time it was quering the DB for 1 event, this
> dramatically reduced kind of fix the problem of using it over a high
> latency network, unless you use barnyard2 in combinaison with a
> special snort ruleset that would generate 2mb of data every second and
> you try to force that data arround the world over a 128k/s link, then
> you might have other issue. 

So you're saying that as long as you don't expect stooopid levels of
alerts, running multiple barnyard2's over a WAN back to a single SQL
server should be fine?

I just might have to try out your latest version ;-)

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1





More information about the Snort-users mailing list