Re: Intel X520 and Multi-Queue Snort

[Mike Lococo <mikelococo () gmail com>]

> Is easy to implement and alot of issue can be diagnosticed  with the
> right instrumentation written into the  DAQ library.

More instrumentation in the DAQ would be great, and I wouldn't call
sig-heartbeats a replacement for better data out of the DAQ. Just that
they are available today for minimal effort, and might help some folks.

> I have been following the discussion and it seem's to be leaning 
> toward some "defined" assumptions that if you crank crazy hardware 
> and load every possible rule (except some "nosier" ones) its gonna do
> the job by splitting traffic at a theorical 10gbs
>
> My main question would be if your sniffing outside at the edge of your
> network, do to sniff inside also?

I'm not sure how we've gone from the start of this thread to here, but
I'm tapping out.  All I'll say is that I agree that one needs more than
a hopped-up border-snort to effectively do incident-detection, and I
rely on numerous other event-sources.  On the other hand, this is the
snort-users list, which is about the most appropriate place in the world
to have a discussion that's a bit over-focused on hopped-up
border-snorting. ;)

Cheers,
Mike Lococo

------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users