[Snort-users] Database performance question (MySQL or PostgreSQL?)

Jyri Hovila jyri.hovila at ...2940...
Fri Sep 26 00:25:02 EDT 2003


Please let's not let this turn into SQL wars. =)

I'm sure this issue has been discussed several times before but I'm
unable to find anything about it in the snort-users archives.

I'm currently running several Snort sensors with a central MySQL
database. Recently the database speed has become a problem. When the
number of alerts is starting to reach 100 000, ACID is starting to get
slow. Add another 100 000 alerts and ACID is almost unusable.

My database server is not doing anything else but running MySQL and
ACID. Here are the specs:

- Pentium II 450 MHz (normally almost totally idle, jumps to 80% when
making SQL queries)

- 384 RAM (about 50% used, jumps to 60-70% when making queries)

- 7200 RPM IDE HD (yes, I know...)

As CPU and RAM utilization is almost never higher than 80% and still the
queries take awfully long to finish, could the HD be a problem?

I remember seeing discussions about differences between MySQL and
PostgreSQL performance. If I remember correctly, PostgreSQL was believed
to be somewhat faster. Could anybody with some real life experience on
this issue share her/his knowledge?


- Jyri
