Snort mailing list archives

RE: CPU usage!


From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Mon, 9 May 2005 11:15:34 -0400

We've turned off DNS and stuff upon load, to make it faster.  We've
included a perl script (in the scripts directory) called
base_maintenance.pl that automates this process.



Joel Esler
Project Lead, BASE


-+------Original Message-----
-+-From: snort-users-admin () lists sourceforge net [mailto:snort-users-
-+-admin () lists sourceforge net] On Behalf Of Wes Young
-+-Sent: Monday, May 09, 2005 10:22 AM
-+-To: mahboobeh soleimani
-+-Cc: snort-users () lists sourceforge net
-+-Subject: Re: [Snort-users] CPU usage!
-+-
-+-Whenever you use ACID (and/or Base at this point), every time you load a
-+-page, it caches all the recent alerts from your SnortDB to the
-+-Acid_alert cache table. Something that I found speeds up the process is
-+-a simple perl script or cronjob that queries the main webpage every X
-+-minutes to trigger this. (# update the Base alert cache
-+-* * * * * root curl https://localhost/base_main.php -k >& /dev/null
-+-)
-+-
-+-helps for when you don't use acid/base for a while, keeps your alert
-+-cache up to date for when you use it again (thus spreading out that 90%
-+-load you see over the period in which you don't use acid/base).
-+-
-+-mahboobeh soleimani wrote:
-+-> Hi there.
-+->
-+-> I recently have installed Snort and ACID on a system whose
-+-> specifications are listed below:
-+-> 1. 512 M RAM
-+-> 2. 100 GIG hard disk (IDE)
-+-> 3. CPU 2.40GHz
-+->
-+-> and when I try to bring ACID up for the first time the CPU usage of
-+-> system goes to more than 90% and on the other hand when I send a request
-+-> (by using ACID) the CPU usage of my system goes to more than 90% too.
-+-> I installed Snort and ACID and database all on this system and no more
-+-> server I am using (something like DB server). Sensor sniffs at most 3
-+-> Mbit/sec (by using a monitor port) and I use mysql for saving the alerts
-+-> in a database.
-+-> Do you think my problem is due to the hardware which I am using?
-+->
-+-> thanks in advance.
-+->
-+-> M.S.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

