Super Fast Snort Considerations

["Davison, Charles Robert" <cdaviso1 () vols utk edu>]

Good Morning,

I was wondering what everyone is using in production for processing snort data at high throughput. We will need to 
process up to 100Gb/s. I had considered using Packet Pig but don't know if it's still viable, the neat thing about it 
was that it leveraged Hadoop? We ran into performance issues with Snorby and I'm leaning towards just a basic snort 
install forwarding alerts to our syslog server to be processed by our SEIM tool... any suggestions? If we used By2 I'm 
not sure it could handle the data. Hardware/Architecture design specifications would be much appreciated.

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!