[Snort-users] SnortSnarf taking long time to run..???

Owen Creger OCreger at ...6622...
Sat Aug 17 05:51:02 EDT 2002


I had run into the same problem.  SnortSnarf would take an unacceptable
amount of time and consume 100% of the processor.  I solved this by moving
to using MySQL and ACID.
I have come to like ACID much better than SnortSnarf.
IMHO SnortSnarf is a great product, but only for low volume situations.
Once your logs get too big, SnortSnarf has problems with speed and processor
utilization.

Owen C. Creger CCNA, CISSP
Info. Sec. Administrator
Creative Solutions, a Thomson Company.
7322 Newman Blvd.
Dexter, MI  48130
email: ocreger at ...6620...
ph: 734-426-5860 ex. 3787
fax: 734-426-5946
cell: 734-223-6270


> -----Original Message-----
> From: David Bizzle [mailto:dbizzle at ...6640...]
> Sent: Friday, August 16, 2002 3:10 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] SnortSnarf taking long time to run..???
> 
> 
> when i run snortsnarf, its taking DAYS ( i mean DAYS) to 
> process these logs that i have. I'm trying to proccess the 
> weekly log files generated by snort. There is only 3 of them, 
> about 50mgs a piece. I don't understand why its taking so 
> long to process. Just really want to know if anyone else is 
> having this problem or is it something i'm doing.
> 
> here is my command 
> 
> ./snortsnarf.pl -d /var/www/html/SnortSnarf -db 
> /var/www/html/SnortSnarf/annotations/new-annotation-base.xml 
> -dns -rulesfile /root/snort.conf -ldir 
> "file://var/log/snort/" /root/alert.weekly 
> /root/alert.weekly.1 /root/alert.weekly.2
> 
> any ideas?
> 
> thanks
> 
> david
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of that same old
> cell phone?  Get a new here for FREE!
> https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list