[Snort-users] BASE performance

Willy, Andrew AWilly at ...13017...
Tue Feb 22 06:55:38 EST 2005


Gentlemen,

Thank you for your replies.  It turns out my IDS config is to blame, and
address resolution (unableto+waitingfortimeout) was leading to the
delay/lag.  

For the record, if for some reason you'd like to turn address resolution
off, Kevin Johnson advises: "In your base_conf.php file I would recommend
changing $resolve_IP to equal 0 and try again."

Regards,

Andrew


-----Original Message-----
From: Michael Steele [mailto:michaels at ...9077...]
Sent: Monday, February 21, 2005 7:19 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] BASE performance


Can you tell us what optimizing the MySQL database might be, and the
procedure?

I do understand that when the alerts are deleted, at least with ACID there
are some remains of the alerts left behind. Can these be cleaned, and if so,
how?

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Michael Stone
> Sent: Monday, February 21, 2005 4:05 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] BASE performance
> 
> On Mon, Feb 21, 2005 at 11:55:28AM -0700, Willy, Andrew wrote:
> >We're using BASE / Apache / Snort / MySQL on Win 2k, just recently
> >installed.  Many lookups using this front end are very slow, sometimes
> >taking 30-50 seconds to load. Our database is new and not very large.
> >Processor (1ghz) utilization is between %0 and %3.  The inital home pages
> >loads quickly, it's only lookups that crawl.
> 
> On the front page, how many total alerts does it report? For databases
> processor is largely irrelevant--how much RAM do you have? Have you done
> any mysql tuning?
> 
> Mike Stone
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users







-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
NOTICE OF CONFIDENTIALITY-The information in this email, including
attachments, may be confidential and/or privileged and may contain
confidential health information. This email is intended to be reviewed only
by the individual or organization named as addressee. If you have received
this email in error please notify Scottsdale Medical Imaging, an affiliate
of Southwest Diagnostic Imaging, LTD immediately - by return message to the
sender or to support at ...13018... - and destroy all copies of this message and
any attachments. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent those
of Scottsdale Medical Imaging. Confidential health information is protected
by state and federal law, including, but not limited to, the Health
Insurance Portability and Accountability Act of 1996 and related
regulations.




More information about the Snort-users mailing list