[Snort-users] Snort vs. Barnyard2 performance logging to a database

Balasubramaniam Natarajan bala150985 at ...11827...
Tue Feb 11 07:29:52 EST 2014


On Tue, Feb 11, 2014 at 4:08 PM, Dubrawsky, Ido <Ido.Dubrawsky at ...16687...> wrote:

> Has anyone done any performance tests benchmarking whether it's better for
> the Snort IDS process to insert alerts directly into a database (MySQL or
> PostgreSQL) or whether performance is better if Snort writes the unified2
> file and lets Barnyard2 insert alerts into a database? A quick Google
> search hasn't easily revealed anything relevant at the moment.
>
If you are going for any supported version of Snort, as YM mentioned, that
output plugin has been deprecated.  I am not sure if the Snort version which
supports this database plugin is still under development.

As far as I can see, your Snort could use some extra CPU cycles by not
writing to the database and rather use them for analysing the packets off the
network.