[Snort-users] Snort, MySQL, Acid
mwhaley at ...5464...
Mon May 6 13:18:03 EDT 2002
Just curious, what is your hardware configuration? I've got snort tuned
down to about 10,000 events a day and run it on a Celeron 400 MHz with 512
MB of PC100 RAM. This is about all this box can handle and it runs at about
60% utilization all the time, sometimes pegged out for brief moments. Well,
take it easy.
From: Tim Sailer [mailto:sailer at ...2968...]
Sent: Monday, May 06, 2002 1:37 PM
To: Anton A. Chuvakin
Cc: Redman, Ken; Snort Users List (E-mail)
Subject: Re: [Snort-users] Snort, MySQL, Acid
On Mon, May 06, 2002 at 03:32:54PM -0400, Anton A. Chuvakin wrote:
> >I think the easiest way, since you have ACID, is to query on your IP
> >address in ACID, and then tell it to delete the whole query. It will
> >clean up nicely.
> Not if you have 100,000 records or more.
Really? I guess it all depends on your hardware and configuration.
We get 100k records or more on a bad day. 1-3 million records
is the max we can handle in the database at one time. It's no speed
demon by any stretch, but it still runs and doesn't crash.
> Sorry for a one-liner, but archiving/deleting with ACID for large
> databases is very unstable. I have not found a way to recover my
> ACID/snort database after it was flooded by thousands of records. That
> leaves it in pretty much unusable shape.
> Anton A. Chuvakin, Ph.D.
Tim Sailer <sailer at ...2968...>
Brookhaven National Laboratory (631) 344-3001