[Snort-users] Snort, MySQL, Acid

Tim Sailer sailer at ...2968...
Mon May 6 12:45:06 EDT 2002

On Mon, May 06, 2002 at 03:32:54PM -0400, Anton A. Chuvakin wrote:
> Hello,
> >I think the easiest way, since you have ACID, is to query on your IP
> >address in ACID, and then tell it to delete the whole query. It will
> >clean up nicely.
> Not if you have 100,000 records or more.

Really? I guess it all depends on your hardware and configuration.
We get 100k records or more on a bad day. 1-3 million records
is the max we can handle in the database at one time. It's no speed
demon by any stretch, but it still runs and doesn't crash.


> Sorry for a one-liner, but archiving/deleting with ACID for large
> databases is very unstable. I have not found a way to recover my
> ACID/snort database after it was flooded by thousands of records. That
> leaves it in pretty much unusable shape.
> Best,
> -- 
>      Anton A. Chuvakin, Ph.D.
>      http://www.chuvakin.org
>    http://www.info-secure.org

Tim Sailer <sailer at ...2968...> 
Brookhaven National Laboratory  (631) 344-3001
