[Snort-users] Snort log previewing with Acid.

Erek Adams erek at ...950...
Thu Jan 16 06:59:05 EST 2003

On Thu, 16 Jan 2003, Anthony Liberty wrote:

> i've trouble when previewing snort report with acid.
> when the attack data is small, acid can show the alert report.
> but when the attack data is quite large , acid can't show the alert report.
> anybody has any idea how to tuning up this acid-mysql. i'm quessing this is
> a problem of memory ,coz mysql needs large memory to query large data.
> my memory is 128Mb,with 512 swap and PIII-800.
> is there any script to be add to tuning up this acid report , or have u ever
> try to change mysql to postgressSQL , is it more faster ?

You're right.  You really need more memory on that box.  Get as much on it
as you can.  You really can't ever get 'too much'.

As for speeding up MySQL, check the archives [0].  There was some
discussion on the list or snort-dev about improving performance on MySQL.
I don't recall exactly what, but I think it was adding some indexes to the


[0]	http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2

