Wednesday, July 21, 2010

Placid

So, I wrote a small program in 2000/2001 called Placid which was a web front-end for Snort. It was meant to address several problems in what was then the most popular package, ACID.

I used ACID for 9 months, and had a number of issues with it.
  • Requirements - This was PHP back in The Day. There was no easy way to do anything. There were plenty of libraries that needed to be configured Just So. Getting everything configured was tricky and somewhat buggy.
  • Multiple database hits per page load
  • Additional tables
  • Temporal data added into tables at page load time
  • PHP
Placid 1.0 directly addressed most of these issues.
  • One requirement: MySQLdb, a Python-MySQL connector
  • One database hit per page load
  • No additional tables
  • No temporal data (I begrudgingly added name resolution in a future version)
  • Python
As one might imagine, this significantly sped up the application and allowed the database to max out (at the time) at 15 million events on the same hardware that used to choke at 1 million. Modern systems get close to 60 million. There are still problems though, which I hope to address soon, mainly...

  • Fixed query engine results; there are no custom searches that can be performed
  • No PostgreSQL support, which is a problem for some places (and another blog post later)
  • Inefficiencies in programming and query generation have cropped up as features have been added over the years. Not to mention the improvements to Python in 10 years.
  • No graphing, probably the single-most missed feature.
  • No saving commonly used queries.
Enter Placid 3.0, once I start working on it...
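To make the two lists above concrete, here is an added example (my own construction, not Placid's code) of a page query built on the 1.0 principles, one database round trip, no extra tables, nothing written at page-load time, while also allowing the custom searches that the fixed query engine lacks. It assumes the classic Snort database output schema (tables event, signature and iphdr, with IPv4 addresses stored as unsigned 32-bit integers); the sample rows and the in-memory SQLite stand-in for MySQL are constructed so it runs offline. User-supplied criteria are restricted to an allow-list of columns and travel only as bound parameters, so a custom search never becomes part of the SQL text; the filters dict is also exactly what a saved search would persist.

```python
# Constructed example: single-round-trip, allow-listed Snort event search.
# Assumes Snort's database output schema (event, signature, iphdr tables).
import socket
import sqlite3
import struct

# Search criteria a caller may supply, mapped to the SQL expression used.
# Allow-listing the columns means user input is only ever bound as a
# parameter, never spliced into the SQL text.
FILTERABLE = {
    "sig_name": "s.sig_name",
    "sig_priority": "s.sig_priority",
    "ip_src": "i.ip_src",
    "ip_dst": "i.ip_dst",
    "ip_proto": "i.ip_proto",
}

# One JOIN returns everything a page needs: no per-row follow-up queries.
BASE_SQL = """SELECT e.sid, e.cid, e.timestamp, s.sig_name, s.sig_priority,
       i.ip_src, i.ip_dst, i.ip_proto
FROM event e
JOIN signature s ON s.sig_id = e.signature
LEFT JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid"""
ORDER_BY = "e.timestamp DESC, e.sid DESC, e.cid DESC"


def ip_to_int(dotted):
    """Snort stores IPv4 addresses as unsigned 32-bit integers."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_ip(value):
    return None if value is None else socket.inet_ntoa(struct.pack("!I", value))


def build_event_query(filters=None, limit=50, paramstyle="format"):
    """Return (sql, params) for one query that fetches a whole page.

    filters maps an allow-listed column to the value it must equal; unknown
    keys raise ValueError. paramstyle is 'format' (%s, as MySQLdb uses) or
    'qmark' (?, as sqlite3 uses).
    """
    placeholder = {"format": "%s", "qmark": "?"}[paramstyle]
    where, params = [], []
    for column, value in (filters or {}).items():
        if column not in FILTERABLE:
            raise ValueError("not a searchable column: %r" % column)
        if column in ("ip_src", "ip_dst"):
            value = ip_to_int(value)  # dotted quad -> stored integer form
        where.append("%s = %s" % (FILTERABLE[column], placeholder))
        params.append(value)
    sql = BASE_SQL
    if where:
        sql += "\nWHERE " + " AND ".join(where)
    sql += "\nORDER BY %s\nLIMIT %s" % (ORDER_BY, placeholder)
    params.append(int(limit))
    return sql, tuple(params)


# Constructed sample data standing in for a real sensor's tables.
SAMPLE_SIGNATURES = [  # (sig_id, sig_name, sig_priority)
    (1, "ICMP PING NMAP", 2),
    (2, "WEB-MISC /etc/passwd", 1),
]
SAMPLE_EVENTS = [  # (sid, cid, signature, timestamp)
    (1, 1, 1, "2010-07-21 10:00:00"),
    (1, 2, 2, "2010-07-21 10:05:00"),
    (1, 3, 2, "2010-07-21 10:07:00"),
]
SAMPLE_IPHDRS = [  # (sid, cid, ip_src, ip_dst, ip_proto)
    (1, 1, ip_to_int("10.0.0.5"), ip_to_int("192.168.1.1"), 1),
    (1, 2, ip_to_int("10.0.0.9"), ip_to_int("192.168.1.1"), 6),
    (1, 3, ip_to_int("10.0.0.5"), ip_to_int("192.168.1.1"), 6),
]


def demo_database():
    """In-memory SQLite stand-in for the MySQL tables, so this runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
                                sig_priority INTEGER);
        CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                            timestamp TEXT, PRIMARY KEY (sid, cid));
        CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER,
                            ip_dst INTEGER, ip_proto INTEGER,
                            PRIMARY KEY (sid, cid));
    """)
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?)", SAMPLE_SIGNATURES)
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", SAMPLE_EVENTS)
    conn.executemany("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?)", SAMPLE_IPHDRS)
    return conn


def search(conn, filters=None, limit=50):
    """Run the page's single query and decode addresses for display."""
    sql, params = build_event_query(filters, limit, paramstyle="qmark")
    rows = conn.execute(sql, params).fetchall()
    return [(sid, cid, ts, name, prio, int_to_ip(src), int_to_ip(dst), proto)
            for sid, cid, ts, name, prio, src, dst, proto in rows]


if __name__ == "__main__":
    db = demo_database()
    for row in search(db, {"ip_src": "10.0.0.5"}):
        print(row)
```

Against MySQLdb the same builder is used with the default `paramstyle="format"` and the resulting `(sql, params)` handed to `cursor.execute`; name resolution, if wanted, happens on the returned rows rather than in the query, keeping the database work to that one hit.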