[Snort-users] PostgreSQL vs MySQL?

Nels Lindquist nlindq at ...3834...
Tue Oct 16 08:25:15 EDT 2001

On 16 Oct 2001 at 13:28, Jesus Couto wrote:

> I'm trying to decide what database backend to use for a "lightweight"
> IDS running snort. Basically, the idea is that the machine should not
> use a lot of disk, but log everything to the database.
> Initially, my thoughs were "well, PostgreSQL supports transactions,
> so maybe its safer to use", but looking at the log of whats do a live Snort
> writes to a PostgreSQL database, I see that it makes a transaction for
> every single insert in every single table, not a transaction for the whole
> set of inserts that make an event.

That might explain my experience.

I first set up snort to log to PostgreSQL because I was running MySQL 3.22.x, which isn't compatible.  
I'd heard that Postgres is much faster these days, and with the transaction support, etc. I figured it 
would be superior.  It didn't take long, however, before ACID became unusable.  Deleting several hundred 
false positives, for example, would take *twenty minutes.*  I upgraded my MySQL installation, transferred 
the database over (bit of a pain in itself) and started running with MySQL instead.  Now transactions 
that took many minutes are finished in a couple of seconds, and the database is half the size that 
PostgreSQL was.

I really had no idea why the performance disparity should be so great.  From what I've heard, PostgreSQL 
should be just as fast as MySQL these days, and faster in certain situations.  I suspect that ACID is 
highly un-optimized for use with Postgres.
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.

More information about the Snort-users mailing list