[Snort-users] how ACID delete older rows ?

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Wed Nov 24 09:06:20 EST 2004


--On 24 November 2004 13:33 -0800 Mahboobeh Soleimani <soleimani at ...12709...> 
wrote:

> Hi everbody.
>
> I have installed Snort and ACID on my system but after some weeks my
> mysql  's tables growed and the speed of proccesing decrised.i can see
> any result  in ACID after some weeks
>
> .I would like to know
> 1)how ACID 's processing speed doesnt decrise by incrising the amount of
> mysql ?

It doesn't. The more alerts you have, the worse it gets. In my experience, 
this is worse than linear, too.

> 2) how ACID delete older rows of mysql when it fulls?

It doesn't. You probably want archivePlus.pl or purge_database.sh (google 
will find them).

> regards.
> M.S.

HTH,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9






More information about the Snort-users mailing list