I'm using OpenAanval and SnortReport, my mySQL database is about 1.6GB after
two weeks and everything goes quite fast.
Patrick
On Sun, 28 Nov 2004 13:50:45 +0900
"Basselgia, Barry A Mr (NAF Atsugi)" <BABasselgia@atsugi.navy.mil> wrote:
Have you looked at Open Aanval (www.aanval.com). I use Open Aanval and ACID
together, I find myself switching back and forth depending on what I'm
looking at/for.
I've found the response time from Open Aanval stays pretty much the same
even as the alerts database grows. Unlike ACID that seems to slow down a
lot when the database gets large.
Barry
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net]On Behalf Of mamo
Sent: Saturday, November 27, 2004 6:44 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort Analisys platform
Hello Everybody.
I am working for a company that want to deploy a large infrastructure
based on Snort for N-IDS. I plan we will have around 20-30 network
sensor and I think it is possibile they will produce more than 2
Million Events / Day (they are the number of event present in the
other commercial IDS platform already present).
I am confident Snort can work well in this enviroment, but I am
evaluating software for the event analisys task. I used Acid for some
times in smaller enviroment, and really like it, but I don't know if
it can permit user to query events with a db with more than 10 Million
events.
The platform should have strong possibility to see event from
different point of view (source IP, Dest IP, Event Name, Network
Sensor Name, etc) and drill down to better analize. This approch is
the only one I have found that permit to analize so much events.
Do you have any experience to share on software
(commercial/opensource), that can permit Snort events analisys for an
enviroment with so much events?
Best Regards,
Max
PS
Sorry for my poor English
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
"Captain, are you aware there's a Klingon on your bridge?"
-- Dukat (The Way of the Warrior)
Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B
ICQ# 316932703
Registered Linux User #44550
http://counter.li.org
pgpRAJtDLW1ME.pgp
Description: PGP signature
