[Snort-users] Snort, MySQL, Acid

Whaley, Mike mwhaley at ...5464...
Mon May 6 13:13:03 EDT 2002


I have the same configuration on win2k and I just fixed this problem with
mine.  First, increase your timeout value in your acid_conf.php file.  Next
you'll get cgi errors for IIS if you are running that.  Increase your
timeout for IIS and that should fix it.  For about 25,000 records it takes
about 1300 seconds to move the data to another archive on my machine.
Everything works great now and I can successfully move, copy, and delete
large amounts of data.

Mike Whaley

-----Original Message-----
From: Anton A. Chuvakin [mailto:anton at ...5376...]
Sent: Monday, May 06, 2002 1:33 PM
To: Tim Sailer
Cc: Redman, Ken; Snort Users List (E-mail)
Subject: Re: [Snort-users] Snort, MySQL, Acid
Importance: High


Hello,

>I think the easiest way, since you have ACID, is to query on your IP
>address in ACID, and then tell it to delete the whole query. It will
>clean up nicely.
Not if you have 100,000 records or more.

Sorry for a one-liner, but archiving/deleting with ACID for large
databases is very unstable. I have not found a way to recover my
ACID/snort database after it was flooded by thousands of records. That
leaves it in pretty much unusable shape.

Best,
-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org

