[Snort-users] distributed snort

Andreas Hasenack andreas at ...1574...
Tue Oct 9 06:36:18 EDT 2001


On Tue, Oct 09, 2001 at 02:55:21AM -0500, Tim Hughes wrote:
> back to mysql and ACID on the backend.  After 2 days or so (15-20K alerts),
> I found that on my underpowered box (400 Celeron, 128 MB RAM, RedHat 6.2) it
> would take an extremely long time to query the database.

I think something is wrong here.
I have a setup with over 120k alerts, MySQL, K6-3D 400MHz 64Mb running also a webserver
which doesn't take an "extremely long" time to do the queries (with ACID on
an internal host).
The first page view of the day (where ACID does the caching, i.e., it
takes longer than usual) just took 67s, and it archived 3449 alerts. The next
reload (shift-reload, to bypass cache, etc) took 16s.





