Re: Deployment Sizes? was: anyone trying kickfire to improve SQL performance?

[Jason Haar <Jason.Haar () trimble co nz>]

Stewart L wrote:
> Define a large installation?
>
> That's something I've been wondering... We've set up a big central 
> snort box on a 16 core machine with 16GB or RAM and 1.2TB of disk.   
> We're currently running 6 instances of snort on this hardware and plan 
> on having 12-16 instances when our rollout is complete.   We'll likely 
> also have a couple remote sensors feeding stuff into MySQL over the 
> network.

..well that classifies you as "a large installation" in my eyes :-)

BTW: are you saying you're running 6 instances of snort on the same box 
as your database? I thought that was a Bad Idea(tm)...

However, I guess if your IDS only generate 1 event per minute, then 
there really isn't much competing occurring. Although when you actually 
use the SQL data (eg via BASE), then it could hurt your packet 
inspection...?



-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users