[Snort-users] Snort log previewing with Acid.

Joseph Gresham joe at ...7531...
Fri Jan 17 07:40:04 EST 2003


I find that Mysql is lots faster (see
http://www.andrew.cmu.edu/~rdanyliw/snort/perf/acid_perf.html)
If you are having a hard time with large alerts it is probably the
max_script_runtime variable in acid_conf.php.  This will basicaly stop
the script after x seconds of execution.  I had to increase this value
to 1800 seconds for som equeries to work.  

On Wed, 2003-01-15 at 20:16, Anthony Liberty wrote:
> hi snort user,
> 
> i've trouble when previewing snort report with acid.
> when the attack data is small, acid can show the alert report.
> but when the attack data is quite large , acid can't show the alert report.
> 
> anybody has any idea how to tuning up this acid-mysql. i'm quessing this is
> a problem of memory ,coz mysql needs large memory to query large data.
> my memory is 128Mb,with 512 swap and PIII-800.
> 
> is there any script to be add to tuning up this acid report , or have u ever
> try to change mysql to postgressSQL , is it more faster ?
> 
> 
> thanks,
> --thony--
> 
> 
> -------------------------------------------------------
> This SF.NET email is sponsored by: A Thawte Code Signing Certificate 
> is essential in establishing user confidence by providing assurance of 
> authenticity and code integrity. Download our Free Code Signing guide:
> http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Joseph J. Gresham Jr.
Systems Integration/Network Engineer
OnShore Inc.
312-850-5200 x.138







More information about the Snort-users mailing list