Re: Snort vs. Barnyard2 performance logging to a database

[Balasubramaniam Natarajan <bala150985 () gmail com>]

On Tue, Feb 11, 2014 at 4:08 PM, Dubrawsky, Ido <Ido.Dubrawsky () itron com>wrote:

> Has anyone done any performance tests benchmarking whether it's better for
> the Snort IDS process to insert alerts directly into a database (MySQL or
> PostGREsql) or whether performance is better if Snort writes the unified2
> file and lets Barnyard2 insert alerts into a database?   A quick Google
> search hasn't easily revealed anything relevant at the moment.
If you are going for any supported version of snort as YM mentioned that
output plugin has been depreciated.  I am not sure if snort version which
supports this database plugin is still under development.

As far as I can see if your snort could use some extra CPU cycles by not
writing to the database and rather use it for analysing the packets off the
network.

------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience.  Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!