[Snort-users] Snort to Oracle

Steven Rudolph srudolph at ...4612...
Fri Jan 3 14:04:03 EST 2003

It is running on a sun Netra separate form Snort and my web server.  It
really starts bogging down at over 100K alerts.
The Netra easily reaches 100% CPU when doing queries when the database
is over 100K alerts.
I have an Sun E220r sitting around with dual procs, maybe that will work
Ahh well, I made some major changes to the rulebase today and it is not
alerting as much now, but I will find out soon if this will work.
Thanks for all of your suggestions.

-----Original Message-----
From: O'Flynn, Derek [mailto:DOFlyn at ...6551...]
Sent: Friday, January 03, 2003 2:48 PM
To: 'Steve Suehring'; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Snort to Oracle

I have at least 15k alerts per day running on MySQL and don't have an
issue.  I usually keep about 300k alerts in my database before I purge
any out.

Machine is a P4 - 1.8Ghz, 1GB Ram running Redhat 7.3, Snort 1.9 


-----Original Message----- 
From: Steve Suehring [ mailto:snort at ...7160...
<mailto:snort at ...7160...> ] 
Sent: Friday, January 03, 2003 1:24 PM 
To: snort-users at lists.sourceforge.net 
Subject: Re: [Snort-users] Snort to Oracle 

On Fri, Jan 03, 2003 at 01:07:53PM -0500, Nicholas Bachmann wrote: 
> > I am getting well over 15K detected attempts a day and my database 
> > grows too quickly for MySql to handle (my current setup) 

MySQL shouldn't have any problems handling 15K of anything per day.  

I personally wouldn't have much faith in Oracle handling it better, all 
things being equal.  Oracle has higher overhead and 15K of records isn't

that much data to begin with.  Obviously if you're running MySQL on a
and Oracle on a P4 there would be a difference.  :) 

Are there specific issues that you're seeing with MySQL? 


This sf.net email is sponsored by:ThinkGeek 
Welcome to geek heaven. 
http://thinkgeek.com/sf <http://thinkgeek.com/sf>  
Snort-users mailing list 
Snort-users at lists.sourceforge.net 
Go to this URL to change user options or unsubscribe: 
Snort-users list archive: 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030103/3c8f5908/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2220 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030103/3c8f5908/attachment.bin>

More information about the Snort-users mailing list