[Oisf-devel] Who can tell me the advantage over Snort?

Martin Holste mcholste at gmail.com
Wed Feb 22 14:57:40 UTC 2012


If you have a lot of traffic to monitor such that a single core
running Snort is insufficient, Suricata is more memory efficient with
its multi-threading than the other way of running multiple Snorts on
the same box to achieve more inspection capacity, as I outlined here:
http://ossectools.blogspot.com/2011/07/running-load-balanced-snort-in-pfring.html.
 For example, very few can run sixteen Snorts with ac full (highest
memory utilization, best performance) on more than a few thousand
rules.  Suricata makes this feasible.

There are many other reasons why Suricata could be considered superior
which are more open to debate, but this point should be fairly
uncontroversial.

On Wed, Feb 22, 2012 at 4:08 AM, tingwei liu <tingw.liu at gmail.com> wrote:
> Who can tell me the advantage over Snort of Suricata?