[Snort-users] Clearing the snort database

LaRose, Dallas dlpassport at ...6137...
Tue Jun 17 14:27:10 EDT 2003


> I doubt the database is "full".  What's probably happening is that
> ACID can no longer load its tables in a reasonable amount of time.
> The bigger the database, the slower ACID loads.

I had some performance issues early in the game with ACID.  I found
that the incremental updates on the alert cache are what caused the
performance issues, not database size.  To circumvent this issue, I
configured wget in cron to update the alert cache and configured
ACID not to update the cache when loading the page.  This really
helped.


> I suspect the database is full so i want to clear it but 
> being new to IDS i'm not sure how.

The easiest way I find to clear this is to drop the database,
Recreate using the create_mysql script from the contrib dir, then
regrant permissions.  To build the ACID tables, just start the
ACID interface and create the AGs.

If you need more details, let me know.

dallas




More information about the Snort-users mailing list