[Snort-users] Speeding up mysql

Kevin Brown Kevin.M.Brown at ...1022...
Fri Oct 19 10:12:25 EDT 2001


What schema are you using?  What version of MySQL?  I'm using schema 104,
MySQL 3.23.43 and according to the MySQL manual (looking at mysql.com) it
says that indexes are automatically made on Primary keynames.  So doing a
"show index from <tbl_name>" shows that each of the tables that contain a
CID column are indexed already.  Same thing with signature in the event
table and sig_id in the signature table.

> -----Original Message-----
> From: quentyn at ...3871... [mailto:quentyn at ...3871...]
> Sent: Friday, October 19, 2001 09:42
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Speeding up mysql
> 
> 
> Hi all,
> 
> this may be of use to everyone logging snort to a mysql db (don't know
> about others)
> 
> we were having problems with the mysql backend to snort with respect to
> speed. Using snort report took over 3mins to generate (using Snort
> Report Version 1.06). My colleague managed to grab one of our developers
> and came up with the following changes to the mysql db structure (if
> this kills your DB we take *NO* responsibility) ....
> 
> alter table iphdr add index(cid);
> alter table event add index(cid);
> alter table tcphdr add index(cid);
> alter table event add index(signature);
> alter table signature add index(sig_id);
> 
> now the report comes back in seconds (with 34044 records in event)
> whereas it used to take 3-4 mins (on a single 800 with 2Gb RAM)
> 
> He is now looking at optimizing the PHP to see if he can speed up that.
> 
> YMMV - but I hope it helps. 
> 
> 
> Q
> 
> 
> 
> -- 
> #####################
> Quentyn Taylor
> Sysadmin - Fotango
> #####################
> Quidquid latine dictum sit, altum viditur (anything said in Latin sounds
> lofty)
> 
> 
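An added example, not part of either message above and not Snort's own code: it lists which columns an automatically created primary-key index covers and checks whether a lookup on cid alone uses it, before and after adding an index on cid. It uses SQLite as a stand-in for MySQL, and the table layout (a composite primary key on sid, cid, and the sid column itself) is an assumption rather than something stated in the thread; the helper names are hypothetical.

```python
import sqlite3

# The kind of lookup a report tool might issue: filter on cid only.
LOOKUP = "SELECT signature FROM event WHERE cid = 42"


def build_event_table(rows=1000):
    """Constructed stand-in for the `event` table (layout is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE event ("
        " sid INTEGER NOT NULL,"        # assumed sensor-id column
        " cid INTEGER NOT NULL,"
        " signature INTEGER NOT NULL,"
        " PRIMARY KEY (sid, cid))"      # assumed composite primary key
    )
    conn.executemany(
        "INSERT INTO event VALUES (?, ?, ?)",
        [(1 + i % 2, i, i % 50) for i in range(rows)],  # constructed sample rows
    )
    return conn


def indexed_columns(conn, table):
    """Map index name -> ordered column list (what SHOW INDEX reports in MySQL)."""
    out = {}
    for _, name, *_ in conn.execute(f"PRAGMA index_list({table})"):
        out[name] = [r[2] for r in conn.execute(f"PRAGMA index_info({name})")]
    return out


def plan(conn, sql):
    """Return the detail strings of SQLite's query plan for `sql`."""
    return [row[3] for row in conn.execute("EXPLAIN QUERY PLAN " + sql)]


def compare():
    """Plan for LOOKUP with only the primary-key index, then with an index on cid."""
    conn = build_event_table()
    existing = indexed_columns(conn, "event")
    before = plan(conn, LOOKUP)
    conn.execute("CREATE INDEX event_cid ON event (cid)")
    after = plan(conn, LOOKUP)
    return existing, before, after


if __name__ == "__main__":
    existing, before, after = compare()
    print("indexes before:", existing)
    print("plan before:   ", before)
    print("plan after:    ", after)
```

On the MySQL server itself, the equivalent check is `show index from event` for the column order of each index, plus `EXPLAIN` on the report's query.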



