[Snort-users] Deployment Sizes? was: anyone trying kickfire to

This is a discussion on [Snort-users] Deployment Sizes? was: anyone trying kickfire to within the Snort forums, part of the System Security and Security Related category; --===============1431677662== Content-Type: multipart/alternative; boundary="----=_Part_13248_11414259.1209778480709" ------=_Part_13248_11414259.1209778480709 Content-Type: text/plain; charset=ISO-8859-1 ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page [Snort-users] Deployment Sizes? was: anyone trying kickfire to

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 1 Week Ago
Stewart L
 
Posts: n/a
Default [Snort-users] Deployment Sizes? was: anyone trying kickfire to
--===============1431677662==
Content-Type: multipart/alternative;
boundary="----=_Part_13248_11414259.1209778480709"

------=_Part_13248_11414259.1209778480709
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Define a large installation?

That's something I've been wondering... We've set up a big central snort box
on a 16 core machine with 16GB or RAM and 1.2TB of disk. We're currently
running 6 instances of snort on this hardware and plan on having 12-16
instances when our rollout is complete. We'll likely also have a couple
remote sensors feeding stuff into MySQL over the network.

I'm sure there are some bigger installs out there. Any folks done any this
size or larger and want to trade war stories and experiences? I'm sure at
some point we will hit some limitations based on I/O. I'd love to hear what
other folks do in those cases. Is upgrading hardware the only answer?

Stewart

On Fri, May 2, 2008 at 8:35 PM, Jason Haar <Jason.Haar@trimble.co.nz> wrote:

> I've just heard about a MySQL appliance that uses a "SQL chip" and other
> 'secret sauce' techniques to "massively improve mySQL performance".
>
> Anyone actually tried it with a large Snort installation? Any comments?
>
> See http://www.kickfire.com/ for details
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757...un.com/javaone
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users
>



--
Stewart

The revolution will not be televised.
The revolution will be no re-run brothers;
The revolution will be live.

------=_Part_13248_11414259.1209778480709
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Define a large installation?<br><br>That's something I've been
wondering... We've set up a big central snort box on a 16 core machine
with 16GB or RAM and 1.2TB of disk.&nbsp;&nbsp; We're currently running 6
instances of snort on this hardware and plan on having 12-16 instances
when our rollout is complete.&nbsp;&nbsp; We'll likely also have a couple remote
sensors feeding stuff into MySQL over the network.<br>
<br>I'm sure there are some bigger installs out there.&nbsp;&nbsp; Any folks done
any this size or larger and want to trade war stories and experiences?&nbsp;
I'm sure at some point we will hit some limitations based on I/O.&nbsp; I'd
love to hear what other folks do in those cases.&nbsp; Is upgrading hardware
the only answer?<br>
<br>Stewart<br><br><div class="gmail_quote">On Fri, May 2, 2008 at 8:35 PM, Jason Haar &lt;<a href="mailto:Jason.Haar@trimble.co.nz">Jason.Haar@ trimble.co.nz</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I've just heard about a MySQL appliance that uses a &quot;SQL chip&quot; and other<br>
'secret sauce' techniques to &quot;massively improve mySQL performance&quot;.<br>
<br>
Anyone actually tried it with a large Snort installation? Any comments?<br>
<br>
See <a href="http://www.kickfire.com/" target="_blank">http://www.kickfire.com/</a> for details<br>
<br>
--<br>
Cheers<br>
<br>
Jason Haar<br>
Information Security Manager, Trimble Navigation Ltd.<br>
Phone: +64 3 9635 377 Fax: +64 3 9635 417<br>
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1<br>
<br>
<br>
-------------------------------------------------------------------------<br>
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference<br>
Don't miss this year's exciting event. There's still time to save $100.<br>
Use priority code J8TL2D2.<br>
<a href="http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone" target="_blank">http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone</a><br>
_______________________________________________<br >
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.sourceforge.net">Snort-users@lists.sourceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users<br>
Snort-users</a> list archive:<br>
<a href="http://www.geocrawler.com/redir-sf.php3?list=snort-users" target="_blank">http://www.geocrawler.com/redir-sf.php3?list=snort-users</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Stewart<br><br>The revolution will not be televised.<br>The revolution will be no re-run brothers;<br>The revolution will be live.

------=_Part_13248_11414259.1209778480709--


--===============1431677662==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
--===============1431677662==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
--===============1431677662==--

Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 01:46 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0