[Snort-users] Mysql Performance with snort and demarc/puresecure

Greg Robinson greg at ...3899...
Fri Jul 12 07:24:03 EDT 2002


I am logging about that many hits to the database as well....what I have
done is seperate mysql off of the sensor....and then seperated demarc and
apache off to a yet another box....kind of a 3 tiered approach...
I got a huge performace gain from this config.....also my snort sensor has
two interfaces in it....one for just snort to run on and collect data....and
the other is connected to the network with mysql .....so that way I am not
trying to write to the database on the same interface that i am collecting
data on.....

Hope this helps.....

Greg
----- Original Message -----
From: "Michael Gargiullo" <gargiullo at ...5068...>
To: "Dave Packham" <dave.packham at ...6171...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, July 11, 2002 9:16 PM
Subject: Re: [Snort-users] Mysql Performance with snort and
demarc/puresecure


> Have you checked out the mysql site for performance tips?
>
>
> On Sun, 2002-07-07 at 23:52, Dave Packham wrote:
> > I am using a dual GIG CPU box with 1 GIG of ram with demark/puresecure
> > and logging about 20k+ events per hour into my snort collector with
> > MySql.  I have used the my-huge.cnf file to allow MySql to use a ton of
> > ram.   My question is...  what are some other tweaks that I can use at
> > the OS or MySql level to get better performance?
> >
> > Hdparm?
> > Mysqloptimize?
> >
> > Can I pre build some lookups during the night etc?
> >
> > Anything?
> >
> > Thanks
> >
> > Dave Packham
> > U of Utah
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Oh, it's good to be a geek.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> PC Mods, Computing goodies, cases & more
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>






More information about the Snort-users mailing list