Snort mailing list archives

Re: Price for "vanilla Snort" (no bells and whistles)

From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 08 May 2002 11:27:02 -0400

On 5/8/02 11:12 AM, "dr.kaos" <dr.kaos () kaos to> wrote:

On Tuesday 07 May 2002 05:32 pm, Martin Roesch wrote:

For the record, Sourcefire has put no proprietary mods into Snort at
this time, the version running on our sensors is the exact same
version that you can download for free at snort.org.  That's why the
software has been improving so much lately (from a features and
stability standpoint), we need it to be there for our commercial
users and you get the benefits of that work.  All the proprietary
stuff that we do wraps around Snort and interacts with it, but
doesn't link directly into it (and therefore doesn't need to be GPL'd
itself).


Yeah, I realized the errors in my thought processes after Sandro
straightened me out yesterday ;)

Quick question, tho, for any of you Sourcefire guys and gals:

If I understand correctly, one of the most sifnificant improvements you
guys have made is in database logging speed and resulting query
performance. I think, based on a discussion I had with someone there
several months back, that the database sw you guys are using is in fact
proprietary, yes? If so, does it use the existing db output directives?


We don't use the existing DB mechanisms at all, we use our own version of
barnyard (which isn't GPL'd at this time, and who's license is under review
by Andrew and I).  The database is proprietary and available only under an
OEM license from its manufacturer, and it's fast as hell.

The stuff that we put on the Sourcefire boxes is pretty highly optimized to
scale up for large environments (which is our target market) and there isn't
much open source software out there besides the operating systems that
really scales to what we need.  That leaves us with coding it ourselves,
which we have done for many things, or finding high performance quality
software that's proprietary.

     -Marty

-- 
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Price for "vanilla Snort" (no bells and whistles) Glenn Larsson (May 06)
- Re: Price for "vanilla Snort" (no bells and whistles) dr.kaos (May 06)
  - Re: Price for "vanilla Snort" (no bells and whistles) Glenn Larsson (May 07)
    - Semi-OT: GPL and Snort--Was Cost of Vanilla Snort Erek Adams (May 07)
  - Re: Price for "vanilla Snort" (no bells and whistles) Martin Roesch (May 07)
    - Re: Price for "vanilla Snort" (no bells and whistles) dr.kaos (May 08)
    - Re: Price for "vanilla Snort" (no bells and whistles) Martin Roesch (May 08)