[Snort-users] insert speed of mysql v. postgresql

Martin Roesch roesch at ...421...
Thu Jan 18 02:17:50 EST 2001


I think that something else is going on here, Postgres is supposed to be
very capable these days (some drag races have it faster than MySQL
even).  Perhaps there is some optimization that could be performed in
the plugin as well as at the administrative end of the database?

   -Marty

Chris Green wrote:
> 
> Processing about 1400 or so packets saved in binary tcpdump format from
> an active sensor and then rerunning them through another snort gives
> me some interesting timings.
> 
> This is snort.sh
> 
> ./snort -h xxx.xxx.0.0/16 -p -r ~/snort-0108 at ...1115... -c snort.conf -l .
> 
> Only difference in config files is 1 points to MySQL-3.23.23 and one
> points at postgresql-7.0.3.
> 
> postgresql: ./snort.sh  2.40s user 0.31s system 1% cpu 4:07.15 total
> mysql: ./snort.sh  2.17s user 0.15s system 50% cpu 4.550 total
> 
> I get almost a 60x difference in speed logging to the same
> partition. Both sql setups are fairly out of the box.  Is there any
> hope on getting postgresql faster or has everyoen given up on using it
> for ids logging?
> 
> I'm only looking at the very small end right now and I've heard lots
> of people talk about MySQL buckling w/ 1E6 alerts and I've not tested
> the high end.
> 
> Has anyone done anywhere near complete sql backend benchmarks for snort?
> --
> Chris Green <cmg at ...671...>
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/mailman/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list