> I would like to set up a firewall and network monitoring system using snort,
> acid, and postgres as a database.  Has anyone had experinece using snort and
> acid?

Yes.  I had ACID working with both MySQL and PostgreSQL for snort.  I was 
monitoring 200Mb/s of bandwidth with the poor little box and was recording a few 
million records a week of bad traffic.  Needless to say the databases faired 
pretty badly when it came time to go through what had been collected. 
PostgreSQL did better on the handling of data getting added, but MySQL was able 
to do the selects magnitudes of orders faster (e.g. 60 second read for MySQL, 
3600 second read for PostgreSQL).

Just for fits and giggles, I turned off all the rules and then just enabled the 
telnet and FTP logger rules.  Saw about 30,000 unique user ids/passwords going 
each way in just a few hours.  I deleted the data and reinstituted the normal 
ruleset, but that was an interesting test of just how easy it is to get that 
kind of information when the logins are insecure like that.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss