Argus Database.

Mark Poepping poepping at cmu.edu
Sat Mar 12 10:59:29 EST 2005


What sorts of queries are you expecting to run, especially as it pertains to
the time range of the data?  Few databases are this dynamic in terms of data
(if you're running on a live feed of any significant bandwidth), so it's a
trick to get it efficient enough to use.  We tend to spend a lot more
computing time gathering and pruning data than actually querying it.

Mark.

> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu [mailto:owner-argus-
> info at lists.andrew.cmu.edu] On Behalf Of Chris Keladis
> Sent: Saturday, March 12, 2005 1:07 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] Argus Database.
> 
> Hi all,
> 
> I know this topic has come up before, but I was wondering how work was
> going in adding database support for Argus output?
> 
> I've played around with raxml and managed to use a python script to
> create a MySQL schema from the XML DTD (although it is very inefficient,
> it's got the basic structure).
> 
> I was thinking about performance with database output and have been
> thinking it might be best to use the same method Snort (IDS) uses to
> support high-speed monitoring, with database output.
> 
> Snort employs a high-speed outfile format called unified output, which
> is read by a post-processor, and using checkpoints, writes the data into
> the RDBMS, leaving Snort free to handle the task of performing IDS.
> 
> Perhaps a similar tool would be useful with Argus?
> 
> Would appreciate your thoughts.
> 
> 
> 
> 
> 
> Regards,
> 
> Chris.
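The pattern Chris describes (the sensor appends to a high-speed spool file, and a separate post-processor loads it into the RDBMS in batches, keeping a checkpoint so it can resume) is sketched below as an added example. It is not Argus, Snort or Chris's code: the one-flow-per-line record format is constructed for the example and is not Argus's real output, SQLite stands in for MySQL, and the checkpoint is simply the byte offset of the last fully loaded line. Using that offset as the primary key makes a replay after a crash idempotent, which is what a "write rows, then advance the checkpoint" ordering needs. The `stime` index is there for exactly the time-range queries Mark asks about.

```python
"""Spool-and-checkpoint ingester (constructed example): the sensor appends
flow records to a spool file; this post-processor loads them into a database
in batches and records how far it got, so it can resume after a restart."""
import os
import sqlite3
import tempfile
from typing import Iterator, Optional, Tuple

# Constructed record format for this example, NOT Argus's real output:
# stime proto saddr sport daddr dport bytes   (one flow per line)
SAMPLE_SPOOL = """\
1110600000 tcp 10.0.0.5 51234 192.0.2.10 80 5120
1110600001 udp 10.0.0.7 53001 192.0.2.53 53 96
1110600005 tcp 10.0.0.5 51235 192.0.2.10 443 20480
1110600009 tcp 10.0.0.9 40000 192.0.2.22 22 3072
"""

SCHEMA = """
CREATE TABLE IF NOT EXISTS flows (
    spool_offset INTEGER PRIMARY KEY,  -- byte offset of the line: replay is idempotent
    stime INTEGER NOT NULL, proto TEXT NOT NULL,
    saddr TEXT NOT NULL, sport INTEGER NOT NULL,
    daddr TEXT NOT NULL, dport INTEGER NOT NULL,
    bytes INTEGER NOT NULL
);
CREATE INDEX IF NOT EXISTS flows_stime ON flows (stime);  -- for time-range queries
"""

def open_db(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def read_checkpoint(path: str) -> int:
    try:
        with open(path) as f:
            return int(f.read().strip() or 0)
    except FileNotFoundError:
        return 0  # first run: start from the beginning of the spool

def write_checkpoint(path: str, offset: int) -> None:
    # Write to a temp file and rename, so a crash never leaves a torn checkpoint.
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(str(offset))
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def parse_record(line: str) -> Tuple:
    stime, proto, saddr, sport, daddr, dport, nbytes = line.split()
    return (int(stime), proto, saddr, int(sport), daddr, int(dport), int(nbytes))

def iter_spool(path: str, start: int) -> Iterator[Tuple[int, str, int]]:
    """Yield (offset, line, next_offset) for every complete line from `start`.
    A trailing partial line (the sensor is still writing it) is left for later."""
    with open(path, "rb") as f:
        f.seek(start)
        pos = start
        for raw in f:
            if not raw.endswith(b"\n"):
                break
            yield pos, raw.decode().strip(), pos + len(raw)
            pos += len(raw)

def flush(conn: sqlite3.Connection, batch: list, checkpoint: str, offset: int) -> int:
    before = conn.total_changes
    conn.executemany("INSERT OR IGNORE INTO flows VALUES (?,?,?,?,?,?,?,?)", batch)
    conn.commit()                        # rows are durable first ...
    write_checkpoint(checkpoint, offset) # ... only then does the checkpoint advance
    return conn.total_changes - before   # rows ignored on replay are not counted

def ingest(spool: str, checkpoint: str, conn: sqlite3.Connection, batch_size: int = 2) -> int:
    """Load records written since the checkpoint, in batches; returns rows inserted."""
    offset = read_checkpoint(checkpoint)
    inserted, batch, last = 0, [], offset
    for off, line, nxt in iter_spool(spool, offset):
        batch.append((off,) + parse_record(line))
        last = nxt
        if len(batch) >= batch_size:
            inserted += flush(conn, batch, checkpoint, last)
            batch = []
    if batch:
        inserted += flush(conn, batch, checkpoint, last)
    return inserted

def flows_between(conn: sqlite3.Connection, t0: int, t1: int) -> list:
    return conn.execute("SELECT saddr, daddr, dport, bytes FROM flows "
                        "WHERE stime BETWEEN ? AND ? ORDER BY stime", (t0, t1)).fetchall()

def run_demo(workdir: Optional[str] = None) -> dict:
    """End-to-end run on the constructed sample: initial load, no-op rerun,
    resume after the sensor appends (with a partial line), crash replay, query."""
    workdir = workdir or tempfile.mkdtemp()
    spool, ckpt = os.path.join(workdir, "flows.spool"), os.path.join(workdir, "flows.ckpt")
    with open(spool, "w") as f:
        f.write(SAMPLE_SPOOL)
    conn = open_db()
    first = ingest(spool, ckpt, conn)      # 4 rows
    rerun = ingest(spool, ckpt, conn)      # 0 rows: checkpoint already at end of spool
    with open(spool, "a") as f:            # sensor appends one flow plus a half-written line
        f.write("1110600012 tcp 10.0.0.9 40001 192.0.2.22 22 1024\n1110600015 tcp 10.0.0.1")
    after_append = ingest(spool, ckpt, conn)   # 1 row; the partial line is left alone
    write_checkpoint(ckpt, 0)              # simulate a lost checkpoint: full replay
    replay = ingest(spool, ckpt, conn)     # 0 rows: every offset already present
    return {"first": first, "rerun": rerun, "after_append": after_append, "replay": replay,
            "window": flows_between(conn, 1110600000, 1110600005),   # 3 rows
            "partial_left": os.path.getsize(spool) - read_checkpoint(ckpt)}

if __name__ == "__main__":
    print(run_demo())
```

The two things worth keeping from this sketch are the ordering in `flush` (commit the rows, then advance the checkpoint, never the reverse) and an idempotent insert key, so that the at-least-once delivery this ordering gives you does not turn into duplicate rows.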




