[Snort-users] Database performance question (MySQL or PostgreSQL?)

Marc Quibell mquibell at ...7759...
Fri Sep 26 07:04:07 EDT 2003



Hi Jyri,
I've always had that problem, except my CPU is a bit bigger than yours, I think
it's a 750 MHZ. Anyways, I noticed the CPU jumps to 100% when I have over
100,000 (or a large number) alerts and I start deleting them. It takes forever
and usually times out b4 it can delete them all (so I increased the timeout
value).

I have another machine sitting next to it that had dual processors and more
memory, and it was only running Snort, so I swapped hardware between the two and
added the multi-processor kernel. Now when I look at the processor utilization,
both processors are still hit hard, but not topped-out, and the memory usage is
much better, The result is that I can delete 1000's of alerts, much faster.

Marc








More information about the Snort-users mailing list