[Oisf-devel] Who can tell me the advantange over snort?

Edward Fjellskål edwardfjellskaal at gmail.com
Wed Feb 22 15:26:53 EST 2012


On 02/22/2012 03:58 PM, Josh White wrote:
> Talk about opening pandora's box....

Anyone want to comment on Robert Graham thoughs:

http://erratasec.blogspot.com/2012/01/multithreaded-teaches-wrong-lessons.html

Ref discussion on #snort on Feb 13 2012

E

> 
> I'll start things off by saying that there's a number of advantages to
> using Suricata, most important of which is freedom and community.
> 
> On the technical site Suricata offers a number of advantages see
> (somewhat outdated articles):
> 
> http://holisticinfosec.org/toolsmith/docs/august2010.html,
> http://www.aldeid.com/wiki/Suricata-vs-snort
> http://www.inliniac.net/blog/2010/07/22/on-suricata-performance.html
> 
> However for my own use, scale is the most important feature.
> Multi-threading scales much better then parallelizing an application in
> some cases. NIDS happens to be one of those cases. Easy use of PF_Ring,
> PCRE, AC, Flow Pinning and others without having to force fit them in
> adds icing to the cake.
> 
> - josh
> 
> On Wed, Feb 22, 2012 at 5:08 AM, tingwei liu <tingw.liu at gmail.com
> <mailto:tingw.liu at gmail.com>> wrote:
> 
>     Who can tell me the advantange over snort of suricate?
>     _______________________________________________
>     Oisf-devel mailing list
>     Oisf-devel at openinfosecfoundation.org
>     <mailto:Oisf-devel at openinfosecfoundation.org>
>     http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> 
> 
> 
> 
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel



More information about the Oisf-devel mailing list