[Snort-users] Snort 1.7 and Acid 0.9.6b9 and MySQL 3.23.32
roman at ...438...
roman at ...438...
Wed May 16 09:41:35 EDT 2001
> I am assuming he is running similar versions of the
> os/snort/and acid (almost positive)
- Is it certain that both you and your colleague have the same
"max_execution_time" paramter in PHP set?
- Is there interest (and comforty) in the community for ACID to
directly modify this paramerter to facilitate "long running"
> the cpu utilization all most peaks for the mysql process during
> this query)
This consequence is not so surprising since in the current
implementation you will be making n-database requests
for n-alerts to delete. Delete is a rather disk and cpu intensive
operation. It need to both analysze the correct records (cpu),
and read/write the results (disk). That being said, optimizations
to the current delete algorithm need to be made (there is much
room for improvement).
> I am using Snort 1.7 and ACID 0.9.6b9 with mysql 3.23.32 on a dual 733 w/
> 256 mb Ram on a RH 7.0 machine.
> When using ACID, any query (today's unique alerts, etc) would take about
> 10-15 secs for a complete response (~15 unique alerts, nothing huge) and
> full info on the page. When I go to delete ..say 70,000 records out of
> about 300,000 the php script times out (30 secs execution timeout) I was
> talking to a friend who runs snort on a similar box and he was explaining
> that hes deleted 100,000+ records w/o any timeout errors, and the overall
> operation of acid and its queries is very responsive. I am assuming he is
> running similar versions of the os/snort/and acid (almost positive) (note:
> the cpu utilization all most peaks for the mysql process during this query)
> ...any ideas?
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
This message was sent using Voicenet WebMail.
More information about the Snort-users