[Snort-users] ACID 0.9.6b23 Search page issue

McGuire, Dennis dmcguire at ...8127...
Tue Jan 28 18:33:05 EST 2003


> How long does it take for the search page to come up (even in 
> a partial state)?  How big is the Snort data table on your 
> disk?  I've seen problems with ACID where you try to remove 
> old alerts, but it only removes the alert entry from the 
> acid_alert table, not the data table.  As such, when I 
> thought I was cleaning out old stuff I really had a data 
> table that wasn't getting cleaned out.
> 
> This data inconsistentcy that seems to present itself with 
> large tables is 
> fairly worrisome which is why I'm writing a small DBI script 
> to remove old 
> alerts entirely.
> 
> Cheers - Erick
> 

Erick,

- The Search page loads in les than 1 second.
- The snort data table is:
[root at ...8141... snort]# ls -la /var/lib/mysql/snort/data*
-rw-rw----    1 mysql    mysql        8614 Aug 12 06:14
/var/lib/mysql/snort/data.frm
-rw-rw----    1 mysql    mysql    56239460 Jan 28 20:31
/var/lib/mysql/snort/data.MYD
-rw-rw----    1 mysql    mysql      692224 Jan 28 20:31
/var/lib/mysql/snort/data.MYI

Dennis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030128/9ebf05c5/attachment.html>


More information about the Snort-users mailing list