[Oisf-devel] SnortSam? (and a big THANK YOU)
Matt Jonkman
jonkman at jonkmans.com
Wed Sep 1 12:27:58 UTC 2010
Hi Eduardo. Snortsam is a big part of my production systems as well, I
understand your predicament.
Distributed blocking is a major part of the IP Reputation task we're
about to start in phase two development (major kickoff in late september
after this round of bugfixes).
That'll include a snortsam-like mechanism to allow distributed blocking.
So the oisf probably won't put the effort into a snortsam plugin port,
but it's a very feasible thing to do if someone wanted to contribute
that. The api and the method is relatively simple, I think someone could
knock that out relatively easily. We'd definitely support it.
Snortsam's value in the interim while we're doing ip rep is that it
interfaces already with so many firewalls and other devices that can do
the blocking.
Matt
On 8/31/10 11:23 PM, Eduardo Meyer wrote:
> Is anyone planning on a port of the fw_sam output plugin?
>
> It's the only missing piece of code for a complete migration from
> Snort to Suricata.
>
> With Suricata I could (finally) use my 8 cores and lower CPU usage
> from 80% (my boss loves to run top(1) and hates to see such a critical
> application close to its CPU limit).
>
> Running on FreeBSD btw. So, kudos to veryone, this is a big THANK YOU
> for such a great alternative to Snort; not only about fw_sam.
>
--
----------------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinfosecfoundation.org
----------------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
More information about the Oisf-devel
mailing list