[Snort-devel] database schema: postgresql

Edward Balas ebalas at ...1183...
Wed Mar 6 12:24:49 EST 2002

On Tue, 5 Mar 2002, Steve Halligan wrote:

> Perhaps, as Barnyard becomes the norm for doing the actual
> grunt work of database insertion, the penalty of building this
> into the schema will become moot.  Snort can spool out data to
> its hearts content, Barnyard can do nasty slow inserts the "right" way.
> -steve
> >>
> >>Referential integerity has been discussed in some detail in
> >>the past.  It was
> >>explicitly avoided in the schema used in Snort to decrease the
> >>INSERTion time.
> >>
> >>As you point out, this omission can be painful from the
> >>analysis perspective.
> >>If you look in ACID CVS, I committed some code this morning
> >>which provides the
> >>DDL commands to create the necessary referential integrity to
> >>do ON DELETE
> >>CASCADE-ing.
> >>
> >>Roman
> >>
> >

The use of Barnyard does seem like the right way to go long term...
Ill poke around to see how difficult it might be to provide postgresql

For what it is worth, aside from making the data robust and convinient
the adding of cascading deletes does not seem to improve the delete
performance... we with 44k events it is still taking > 30 min, I havent
yet had let it run to completion.  It still may be better, but its not
in the what I would consider usable ;-(

Ill do some more poking arround.


More information about the Snort-devel mailing list