RE: Snort, MySQL, Acid

["Whaley, Mike" <mwhaley () rightnow com>]

I have the same configuration on win2k and I just fixed this problem with
mine.  First, increase your timeout value in your acid_conf.php file.  Next
you'll get cgi errors for IIS is you are running that.  Increase your
timeout for IIS and that should fix it.  For about 25,000 records it takes
about 1300 seconds to move the data to another archive on my machine.
Everything works great now and I can successfully move, copy, and delete
large amounts of data.

Mike Whaley

-----Original Message-----
From: Anton A. Chuvakin [mailto:anton () chuvakin org]
Sent: Monday, May 06, 2002 1:33 PM
To: Tim Sailer
Cc: Redman, Ken; Snort Users List (E-mail)
Subject: Re: [Snort-users] Snort, MySQL, Acid
Importance: High


Hello,

> I think the easiest way, since you have ACID, is to query on your IP
> address in ACID, and then tell it to delete the whole query. It will
> clean up nicely.
Not it if you have 100,000 records or more.

Sorry for a one-liner, but archiving/deleting with ACID for large
databases is very unstable. I have not found a way to recover my
ACID/snort database after it was flooded by thousands of records. That
leaves in pretty much unusable shape.

Best,
-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org


_

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users