[Oisf-devel] Who can tell me the advantange over snort?
Edward Fjellskål
edwardfjellskaal at gmail.com
Wed Feb 22 20:26:53 UTC 2012
On 02/22/2012 03:58 PM, Josh White wrote:
> Talk about opening pandora's box....
Anyone want to comment on Robert Graham thoughs:
http://erratasec.blogspot.com/2012/01/multithreaded-teaches-wrong-lessons.html
Ref discussion on #snort on Feb 13 2012
E
>
> I'll start things off by saying that there's a number of advantages to
> using Suricata, most important of which is freedom and community.
>
> On the technical site Suricata offers a number of advantages see
> (somewhat outdated articles):
>
> http://holisticinfosec.org/toolsmith/docs/august2010.html,
> http://www.aldeid.com/wiki/Suricata-vs-snort
> http://www.inliniac.net/blog/2010/07/22/on-suricata-performance.html
>
> However for my own use, scale is the most important feature.
> Multi-threading scales much better then parallelizing an application in
> some cases. NIDS happens to be one of those cases. Easy use of PF_Ring,
> PCRE, AC, Flow Pinning and others without having to force fit them in
> adds icing to the cake.
>
> - josh
>
> On Wed, Feb 22, 2012 at 5:08 AM, tingwei liu <tingw.liu at gmail.com
> <mailto:tingw.liu at gmail.com>> wrote:
>
> Who can tell me the advantange over snort of suricate?
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> <mailto:Oisf-devel at openinfosecfoundation.org>
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
>
>
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
More information about the Oisf-devel
mailing list