Thread: SV: SV: [Secureideas-base-devel] Dumb fix
From: Christian S. <Chr...@ti...> - 2004-12-22 06:39:30
Hi,

While we are on the subject of performance that everyone is talking about:

First, this performance issue/hog everyone is talking about: when does it really occur? From my point of view, yeah, of course in the archive database, but then again when I dig there it's almost always due to an old incident and I don't need the answer the same second. From what I have seen on other setups, people don't really trim their rules, causing a vast amount of false positives; maybe this is why they say there is a performance problem? So let's dig in here a bit and really understand when and why and where the performance issues really are.

Example: So when people say BASE is slow and they have like 800.000 alerts in their db, my point is that it's not BASE's fault, it's the guy's/girl's fault because they can't set up snort correctly.

I agree with Kevin that people want more out of BASE than they are getting today. Well, for all I know, if we could make it automagic then they will really love it (kidding). So what features should we put on the priority list? Well, the things that I feel are high on that list are Performance, Alert maintenance, Display filters, Search function and Administration.

I will keep focusing on testing and ideas, so if you need something tested or just want to talk about ideas then don't hesitate to contact me.

/Christian

-----Original message-----
From: Kevin Johnson [mailto:kjo...@se...]
Sent: 22 December 2004 00:41
To: Joel Esler
Cc: Christian Svensson; BASE Developers
Subject: Re: SV: [Secureideas-base-devel] Dumb fix

On Mon, 2004-12-20 at 11:37, J wrote:
> Um oh..
>
> http://speakeasy.wpi.edu/placid/

Hi-

I had seen this and I think it speaks directly to a problem that we have all been tossing around. BASE and ACID are both performance hogs and while they meet the needs of people using them, I do not believe they are the future of intrusion analysis unless we radically change how they work.

This list and the related development have been very quiet lately. And I think that might be good. I would like to wrap up some designs for the new year and then get running. I would also like to figure out what is the best way for this group to collaborate, and I NEED feedback from you guys on how best to handle that.

Along with this, I would like everyone to think about something they would like to do with BASE and how they want to work on it coming up. I think that we have a lot of knowledge in this group and we need to mash it all together<g>

That is my ramble for right now... more later<g>

Kevin