[Snort-users] Snort vs. Barnyard2 performance logging to a database
bala150985 at ...11827...
Tue Feb 11 07:29:52 EST 2014
On Tue, Feb 11, 2014 at 4:08 PM, Dubrawsky, Ido <Ido.Dubrawsky at ...16687...> wrote:
> Has anyone done any performance tests benchmarking whether it's better for
> the Snort IDS process to insert alerts directly into a database (MySQL or
> PostgreSQL) or whether performance is better if Snort writes the unified2
> file and lets Barnyard2 insert alerts into a database? A quick Google
> search hasn't easily revealed anything relevant at the moment.
If you are going for any supported version of Snort, as YM mentioned, that
output plugin has been deprecated. I am not sure if the Snort version which
supports this database plugin is still under development.
As far as I can see if your snort could use some extra CPU cycles by not
writing to the database and rather use it for analysing the packets off the