[Snort-users] Snort-DNS lookup question
jberry at ...12157...
Wed Aug 18 08:29:12 EDT 2004
This is ACID doing the DNS lookup, not snort. You can fix this by
editing the acid_conf.php file and changing to this value:
resolve_IP = 0;
1) show_summary_stats = 0; # This will disable showing stats at the top
2) event_cache_auto_update = 0; # Huge performance boost but you will
have to manually update your cache
3) main_page_detail = 0; # Has to do with summary stats
4) show_previous_alert = 0; # Will only show first/last alert
Also, if you regularly delete data from ACID you should optimize your
database. When I used ACID I used to have this run from cron once a
for table in `echo show tables | mysql <name_of_snort_db> | tail -n +2`; do
    # optimize each table listed in the Snort database
    echo optimize table $table | mysql <name_of_snort_db>
done
This requires the root user to have access to the db without a password
from localhost. If the root user does not have this access you can
specify one that does with -u <user_name> after the dbname. Or if you
need a password you can do a -u <user_name> --password=<password>.
On Wed, 2004-08-18 at 08:52, Clayton Mascarenhas wrote:
> When I run Acid.. it takes a lot of time to show up..
> I'm guessing it's because of the excessive number of
> alerts I am receiving. In order for me to improve the
> speed ... in a little way... is there any way in
> snort where I can remove its capability of trying to
> look up the DNS to try to resolve the ip addresses it
> catches in the alert files. My thinking is that by
> stopping this function in snort... Acid won't have that
> "FQDN" column that always shows me Unable to resolve
> address... thus improving the speed. Please could
> someone correct me if I am wrong... or let me know how
> to remove the DNS lookup in snort.
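Added example, not part of the original post or of ACID: a cron-ready variant of the table-optimize loop in the reply. It reads credentials from a MySQL option file instead of `--password=` on the command line, where the password would be visible in the process list and the crontab, and it uses `-N` to drop the column header instead of `tail`. The names `SNORT_DB`, `MYSQL_CNF`, `MYSQL_BIN`, the option-file path and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. SNORT_DB, MYSQL_CNF, MYSQL_BIN and
# the option-file path are assumed names; adjust them for your sensor.
SNORT_DB="${SNORT_DB:-snort}"
MYSQL_CNF="${MYSQL_CNF:-/root/.snort-optimize.cnf}"  # holds [client] user= and password=
MYSQL_BIN="${MYSQL_BIN:-mysql}"

# Refuse to run unless the credentials file exists and is closed to group/other.
check_cnf() {
    [ -f "$1" ] || { echo "missing option file: $1" >&2; return 1; }
    perms=$(ls -ln "$1" | cut -c5-10)      # group+other bits of the mode string
    [ "$perms" = "------" ] || { echo "$1 must not be group/other accessible" >&2; return 1; }
}

# Credentials come from the option file, so nothing secret appears in argv or
# in the crontab. --defaults-extra-file has to be the first option.
run_mysql() {
    "$MYSQL_BIN" --defaults-extra-file="$MYSQL_CNF" -N -B "$SNORT_DB" "$@"
}

# Turn table names on stdin into OPTIMIZE TABLE statements. Names with
# characters outside [A-Za-z0-9_] are skipped instead of being put into SQL.
build_optimize_sql() {
    while IFS= read -r t; do
        case "$t" in
            ''|*[!A-Za-z0-9_]*) echo "skipping table name: $t" >&2 ;;
            *) printf 'OPTIMIZE TABLE `%s`;\n' "$t" ;;
        esac
    done
}

optimize_all() {
    check_cnf "$MYSQL_CNF" || return 1
    run_mysql -e 'SHOW TABLES' | build_optimize_sql | run_mysql
}

# Run from cron as: snort-optimize.sh --run   (script name is hypothetical)
if [ "${1:-}" = "--run" ]; then
    optimize_all
fi
```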