[Snort-users] Snort/Barnyard2 performance with remote DB

beenph beenph at ...11827...
Wed Feb 29 21:33:00 EST 2012


On Wed, Feb 29, 2012 at 9:23 PM, Jason Haar <Jason_Haar at ...15306...> wrote:
> On 01/03/12 14:47, beenph wrote:
>> As I said before the REAL issue with the "old" plugin was the
>> incredible amount of time it was querying the DB for 1 event, this
>> dramatically reduced kind of fix the problem of using it over a high
>> latency network, unless you use barnyard2 in combination with a
>> special snort ruleset that would generate 2mb of data every second and
>> you try to force that data around the world over a 128k/s link, then
>> you might have other issues.
>
> So you're saying that as long as you don't expect stooopid levels of
> alerts, running multiple barnyard2's over a WAN back to a single SQL
> server should be fine?
>
> I just might have to try out your latest version ;-)
>

Yup.
The schema has its known issue but the plugin is production stuff in
its new form.

-elz



