Snort/ACID Database Optimizations
Snort's ability to log alerts into an SQL database, combined with the ACID
analysis console, makes it a powerful tool for security personnel to monitor
and analyze IDS events. However, under high alert loads, the database system
itself can become a bottleneck that causes packet drops and loss of information,
rendering the entire NIDS ineffective.
Caching one key database table inside the Snort sensor eliminates a costly
database lookup and reduces the alert insertion overhead by over 25 percent.
The modified database plugin for Snort as well as an associated technical
report are available here at no cost. The code has been developed for
Snort 1.9.1 and is compatible with Snort 2.0.
Feel free to contact us with any questions or comments, especially if you find
this code useful.
Verilog Hardware and Testing Modules
During the prototype development, a number of general-purpose modules have
been designed that may be of interest to other users. The SPANIDS team
will be happy to provide this code free of charge, just contact us.
Please note that although we do not provide direct links to these modules
here, they have been used extensively and have been stable for quite some
time. We are more than happy to provide the Verilog code
upon request, and to answer any