Snort mailing list archives
RE: Question on database for Snort
From: "Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>
Date: Tue, 1 Apr 2003 13:24:44 -0600
My guess is that fewer joins are being done to get the speed lost in applications like ACID. Specifically, with a primary key that is two values, you lose lots of points (create tons more CPU cycles and add enormous IO time) doing outer joins on tables (like you'd have to for tcphdr, icmphdr, udphdr....). Simply taking out those tables which join to iphdr will often save a great deal of time, but can be a problem when the information is needed... and the user has to wait a while for it to show up.

-----Original Message-----
From: Paul Schmehl [mailto:pauls () utdallas edu]
Sent: Tuesday, April 01, 2003 12:41 PM
To: Michael Anderson
Cc: Snort Users List
Subject: Re: [Snort-users] Question on database for Snort

On Mon, 2003-03-31 at 15:45, Michael Anderson wrote:
> Just curious, are you querying the standard snort database or are you loading the snort data into a specialized database?
We're querying the standard 16 tables that are created by the script that comes with snort.
> And by any chance are you going to make your tool available to the public or is it proprietary?
It *may* be made public if we're satisfied that it's useful enough.

--
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users