[Snort-users] Snort and MySQL

Kevin.Brown at ...1022... Kevin.Brown at ...1022...
Mon Jan 22 14:25:11 EST 2001


Well I got my problems fixe (thanks all) and now have snort logging to a
remote db.  Encountered an interesting thing.  I have consoles with me logged
into both boxes and I'm running top.  Then I use acid to view data in the db
and notice that while mysql is busy handling the query, snort drops from 98%
to 17% cpu utilization, then goes back to 98% after mysql finishes the
query.  In the same time mysqld goes from 4% utilization to 98% utilization
while handling the query, then falls back to less than 4%.  Given a few weeks
I'll go through the ruleset and retailor for our network based on what it did
see and what we don't really care about to try to reduce the load on the
sensor.





More information about the Snort-users mailing list