incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kowsik <kow...@gmail.com>
Subject Re: Collaborative Network Forensics
Date Tue, 25 Aug 2009 04:47:56 GMT
We set out to build pcapr as "packets meet web 2.0". Historically
packets have been relegated to tools written to be more command-line
oriented and we wanted to change that. Packets carry a wealth of
information and nothing better than web 2.0 (which to me is a way of
interacting and visualizing things in the browser) to bring out the
best in these little pesky beasts. Pcapr is somewhat unique in that it
bridges a wide array of folks with very different expertise (jquery,
javascript, couchdb, network/packet/security geeks, forensics,
operators and firewall/ips vendors). For the most part people only see
and interact with the application and are agnostic to the fact that
it's couchdb.

OTOH, the fact that we use couch is what enables us to very rapidly
iterate and deliver such sexy applications (I might be biased!)
without having to worry about schema and joins and such nastiness.

We are mostly using the map/reduce capabilities of couch. As I mention
it in my JS3 blog, that fact that pcapr is a three-tiered javascript
app means there's less data translation and less layers and that means
fast iteration with less things breaking.

For the record, "beam" has been running with 0.4% memory utilization
for the past 3 months. All view updates and document format changes
have all been on the fly without bringing anything down. Super cool.

K.

On Mon, Aug 24, 2009 at 1:25 PM, Chris Anderson<jchris@apache.org> wrote:
> On Sun, Aug 23, 2009 at 3:00 PM, kowsik<kowsik@gmail.com> wrote:
>> 15.0 GBytes, 26.3 million packets, contextual search and instant
>> access to packets, not to mention HN/Twitter-style one-liners attached
>> to packets and searches for a community oriented forensics
>> application.
>>
>> http://bit.ly/12I62D for the blog and
>> http://www.pcapr.net/forensics for the app
>>
>> Still no sql. :-)
>
> This is really cool - thanks for sharing.
>
> I'm not so in depth with the network security community - are people
> who understand this stuff getting into it? Are you taking advantage of
> the ability to publish data via CouchDB replication?
>
> Cheers,
> Chris
>
>>
>> K.
>> ---
>> http://labs.mudynamics.com
>> http://twitter.com/pcapr
>>
>
>
>
> --
> Chris Anderson
> http://jchrisa.net
> http://couch.io
>

Mime
View raw message