[Snort-users] insert speed of mysql v. postgresql

Chris Green cmg at ...671...
Tue Jan 9 17:58:14 EST 2001

Processing about 1400 or so packets saved in binary tcpdump format from
an active sensor and then rerunning them through another snort gives
me some interesting timings.

This is snort.sh

./snort -h xxx.xxx.0.0/16 -p -r ~/snort-0108 at ...1115... -c snort.conf -l .

Only difference in config files is one points to MySQL-3.23.23 and one
points at postgresql-7.0.3.

postgresql: ./snort.sh  2.40s user 0.31s system 1% cpu 4:07.15 total
mysql: ./snort.sh  2.17s user 0.15s system 50% cpu 4.550 total

I get almost a 60x difference in speed logging to the same
partition. Both sql setups are fairly out of the box.  Is there any
hope of getting postgresql faster or has everyone given up on using it
for ids logging?

I'm only looking at the very small end right now and I've heard lots
of people talk about MySQL buckling w/ 1E6 alerts and I've not tested
the high end.

Has anyone done anywhere near complete sql backend benchmarks for snort?
