[Snort-users] Question on database for Snort

Kreimendahl, Chad J Chad.Kreimendahl at ...4716...
Tue Apr 1 11:29:01 EST 2003

My guess is that fewer joins are being done to get the speed lost in
applications like ACID.  Specifically, with a primary key that is two
values, you lose lots of points (create tons more CPU cycles and add
enormous IO time) doing outer joins on tables (like you'd have to for
tcphdr, icmphdr, udphdr....).

Simply taking out those tables which join to iphdr will often save a
great deal of time, but can be a problem when the information is
needed... and the user has to wait a while for it to show up.

-----Original Message-----
From: Paul Schmehl [mailto:pauls at ...6838...] 
Sent: Tuesday, April 01, 2003 12:41 PM
To: Michael Anderson
Cc: Snort Users List
Subject: Re: [Snort-users] Question on database for Snort

On Mon, 2003-03-31 at 15:45, Michael Anderson wrote:
> Just curious, are you querying the standard snort database or are you
> loading the snort data into a specialized database?

We're querying the standard 16 tables that are created by the script
that comes with snort.

>   And by any chance are you going to make your tool available to the
> public or is it proprietary?
It *may* be made public if we're satisfied that it's useful enough.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
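
Added example, not part of the original thread and not code from ACID or from the tool under discussion: the two query shapes the first message contrasts, a listing that outer-joins tcphdr, udphdr and icmphdr on the two-column (sid, cid) key versus a listing over event and iphdr only, with the protocol header fetched on demand. Assumptions: a reduced subset of the standard Snort schema columns, SQLite in memory as the engine, constructed rows, and hypothetical function names.

```python
import sqlite3

# Reduced subset of the standard Snort schema (assumption: only the columns used here).
SCHEMA = """
CREATE TABLE event   (sid INT, cid INT, signature INT, timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr   (sid INT, cid INT, ip_src INT, ip_dst INT, ip_proto INT, PRIMARY KEY (sid, cid));
CREATE TABLE tcphdr  (sid INT, cid INT, tcp_sport INT, tcp_dport INT, PRIMARY KEY (sid, cid));
CREATE TABLE udphdr  (sid INT, cid INT, udp_sport INT, udp_dport INT, PRIMARY KEY (sid, cid));
CREATE TABLE icmphdr (sid INT, cid INT, icmp_type INT, icmp_code INT, PRIMARY KEY (sid, cid));
"""
ON = "ON {a}.sid = e.sid AND {a}.cid = e.cid"
# IP protocol number -> (header table, columns); fixed names, never user input.
L4 = {6: ("tcphdr", "tcp_sport, tcp_dport"), 17: ("udphdr", "udp_sport, udp_dport"),
      1: ("icmphdr", "icmp_type, icmp_code")}

def build_db():
    """In-memory database holding three constructed alerts (TCP, UDP, ICMP)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO event VALUES (?,?,?,?)",
                   [(1, 1, 100, "2003-04-01 10:00:00"), (1, 2, 101, "2003-04-01 10:00:05"),
                    (1, 3, 102, "2003-04-01 10:00:09")])
    db.executemany("INSERT INTO iphdr VALUES (?,?,?,?,?)",
                   [(1, 1, 167772161, 167772162, 6), (1, 2, 167772163, 167772162, 17),
                    (1, 3, 167772164, 167772162, 1)])
    db.execute("INSERT INTO tcphdr VALUES (1, 1, 40000, 80)")
    db.execute("INSERT INTO udphdr VALUES (1, 2, 5353, 53)")
    db.execute("INSERT INTO icmphdr VALUES (1, 3, 8, 0)")
    return db

def list_wide(db):
    """Listing with every header table outer-joined on the (sid, cid) key."""
    return db.execute(
        "SELECT e.sid, e.cid, i.ip_proto, "
        "COALESCE(t.tcp_sport, u.udp_sport, c.icmp_type), "
        "COALESCE(t.tcp_dport, u.udp_dport, c.icmp_code) "
        f"FROM event e JOIN iphdr i {ON.format(a='i')} "
        f"LEFT JOIN tcphdr t {ON.format(a='t')} LEFT JOIN udphdr u {ON.format(a='u')} "
        f"LEFT JOIN icmphdr c {ON.format(a='c')} ORDER BY e.sid, e.cid").fetchall()

def list_narrow(db):
    """Listing over event and iphdr only; no protocol header tables touched."""
    return db.execute(f"SELECT e.sid, e.cid, i.ip_proto FROM event e "
                      f"JOIN iphdr i {ON.format(a='i')} ORDER BY e.sid, e.cid").fetchall()

def l4_detail(db, sid, cid, ip_proto):
    """Fetch one alert's protocol header on demand; None for other protocols."""
    if ip_proto not in L4:
        return None
    table, cols = L4[ip_proto]
    return db.execute(f"SELECT {cols} FROM {table} WHERE sid = ? AND cid = ?",
                      (sid, cid)).fetchone()
```

The narrow listing plus a per-alert detail lookup returns the same fields as the wide query; the cost moves to the moment a user opens an alert, which is the wait the message mentions.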
