[Snort-users] Snort 1.7 and Acid 0.9.6b9 and MySQL 3.23.32

roman at ...438... roman at ...438...
Wed May 16 09:41:35 EDT 2001


> I am assuming he is running similar versions of the
> os/snort/and acid (almost positive)

- Is it certain that both you and your colleague have the same
"max_execution_time" parameter in PHP set?

- Is there interest (and comfort) in the community for ACID to
directly modify this parameter to facilitate "long running"
operations?

> the cpu utilization almost peaks for the mysql process during
> this query)

This consequence is not so surprising since in the current
implementation you will be making n-database requests
for n-alerts to delete.  Delete is a rather disk and cpu intensive
operation.  It needs to both analyze the correct records (cpu),
and read/write the results (disk).  That being said, optimizations
to the current delete algorithm need to be made (there is much
room for improvement).

cheers,
Roman

> I am using Snort 1.7 and ACID 0.9.6b9 with mysql 3.23.32 on a dual 733 w/
> 256 mb Ram on a RH 7.0 machine.
> 
> When using ACID, any query (today's unique alerts, etc) would take about
> 10-15 secs for a complete response (~15 unique alerts, nothing huge) and
> full info on the page.  When I go to delete ..say 70,000 records out of
> about 300,000 the php script times out (30 secs execution timeout)  I was
> talking to a friend who runs snort on a similar box and he was explaining
> that he's deleted 100,000+ records w/o any timeout errors, and the overall
> operation of acid and its queries is very responsive.  I am assuming he is
> running similar versions of the os/snort/and acid (almost positive) (note:
> the cpu utilization almost peaks for the mysql process during this query)
> 
> ...any ideas?
> 
> -Chris
> 
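
The cost difference between n per-alert requests and a set-based delete, as described in the reply above, shown as an added example that is not part of the original message or ACID's code. SQLite stands in for MySQL, the three-table schema is a simplified, constructed subset of the Snort alert tables, and the function names are hypothetical.

```python
import sqlite3
from itertools import groupby

# Assumption: simplified, constructed subset of the Snort alert tables (SQLite, not MySQL).
TABLES = ("event", "iphdr", "tcphdr")

def make_db(n_alerts, sid=1):
    """Build an in-memory database holding n_alerts constructed alerts for one sensor."""
    conn = sqlite3.connect(":memory:")
    for t in TABLES:
        conn.execute(f"CREATE TABLE {t} (sid INTEGER, cid INTEGER, PRIMARY KEY (sid, cid))")
        conn.executemany(f"INSERT INTO {t} VALUES (?, ?)",
                         [(sid, cid) for cid in range(1, n_alerts + 1)])
    conn.commit()
    return conn

def delete_per_alert(conn, keys):
    """n alerts -> n requests per table: the pattern described in the message."""
    statements = 0
    for sid, cid in keys:
        for t in TABLES:
            conn.execute(f"DELETE FROM {t} WHERE sid = ? AND cid = ?", (sid, cid))
            statements += 1
    conn.commit()
    return statements

def delete_batched(conn, keys, chunk=500):
    """One DELETE per table per chunk of cids; committing per chunk keeps
    finished work if the calling script is cut off by an execution time limit."""
    statements = 0
    for sid, group in groupby(sorted(keys), key=lambda k: k[0]):
        cids = [cid for _, cid in group]
        for i in range(0, len(cids), chunk):
            part = cids[i:i + chunk]
            marks = ",".join("?" * len(part))  # bound parameters, never string-built values
            for t in TABLES:
                conn.execute(f"DELETE FROM {t} WHERE sid = ? AND cid IN ({marks})", [sid, *part])
                statements += 1
            conn.commit()
    return statements

def remaining(conn):
    """Row count left in each table, in TABLES order."""
    return [conn.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0] for t in TABLES]

if __name__ == "__main__":
    keys = [(1, cid) for cid in range(1, 701)]  # constructed: delete 700 of 3000 alerts
    for fn in (delete_per_alert, delete_batched):
        conn = make_db(3000)
        print(fn.__name__, fn(conn, keys), "statements, rows left:", remaining(conn))
```

Both functions remove the same rows; only the number of round trips to the database differs.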


