[Snort-users] Re: Snort-users digest, Vol 1 #1451 - 8 msgs

Wynn Fenwick wfenwick at ...2714...
Fri Jan 4 20:28:02 EST 2002


Postgresql 7.1.3, Redhat 7.2, ACID 0.9.6b19, Compaq ML370 (dual P-III 400s I
think?)

We did a move of 3000 alerts to the archive database in 569 seconds today.
However, this machine does lots of other stuff, you are doing a lot of selects and
inserts, and postgres is much slower than MySQL.

There are some threads Google finds on performance tuning, including making sure
all your indexes are there, and there is a lot of PGSQL tuning you can do.

W

snort-users-request at lists.sourceforge.net wrote:

> Subject: Re: [Snort-users] Deleting messages in ACID (wh~~~~
> Date: Fri, 4 Jan 2002 09:54:05 -0700
> From: Phil Wood <cpw at ...440...>
> To: Daedalus <daedalus at ...494...>
> CC: snort-users at lists.sourceforge.net
> References: <m16MWrt-000Ko7C at ...494...>
>
> On Fri, Jan 04, 2002 at 10:06:52AM -0600, Daedalus wrote:
> > About how long should it take to delete ~1000 alerts from a Postgresql
> > database using ACID?
>
> It takes me about 129 seconds to delete 8000 alerts in MYSQL.
> I only had 28244 alerts to start.  This was on a PII 300Mhz.
>
> My acid version is: ACID v0.9.6b20, snort is 1.8.3(88)
>
> >
> > When I try this I get different results, none of them satisfactory.
> > Most often the browser will sit for a few hours then return the
> > top of an ACID page including the message about how many alerts
> > were added to the cache, but blank after that. The DB has about
> > 150,000 alerts in it. (I'm still working on thinning out my rule
> > sets ;-))
> >
> > P2 500Mhz
> > RH 7.2
> > Postgresql that came with RH 7.2
> > latest ACID and required stuff
> >
> > Thanks for any insight,
> > -Bill
> >




