Snort mailing list archives
Re: distributed snort
From: Andreas Hasenack <andreas () conectiva com br>
Date: Tue, 9 Oct 2001 10:35:20 -0300
On Tue, Oct 09, 2001 at 02:55:21AM -0500, Tim Hughes wrote:
> back to mysql and ACID on the backend. After 2 days or so (15-20K alerts), I found that on my underpowered box (400 Celeron, 128 MB RAM, RedHat 6.2) it would take an extremely long time to query the database.
I think something is wrong here. I have a setup with over 120k alerts, MySQL, K6-3D 400MHz 64Mb running also a webserver which doesn't take an "extremely long" time to do the queries (with ACID on an internal host). The first page view of the day (where acid does the caching, i.e., it takes longer than usual) just took 67s, and it archived 3449 alerts. The next reload (shift-reload, to bypass cache, etc) took 16s.