AW: [Snort-users] BASE performance

Lieker Heinrich hlieker at ...12951...
Tue Feb 22 07:04:44 EST 2005


Hello!

I have a similar problem. 
I'm using BASE with a postgresql server. When I refresh the start page, BASE needs lots of seconds to load. I have many alarms added to the database per minute. 
Do you have any ideas, what I should check oder optimize?

Thank you!

Regards,
Heinrich




-----Ursprüngliche Nachricht-----
Von: Willy, Andrew [mailto:AWilly at ...13017...] 
Gesendet: Dienstag, 22. Februar 2005 15:53
An: snort-users at lists.sourceforge.net
Cc: 'Joel Esler'; 'Kevin Johnson'; 'Michael Stone'; 'Michael Steele'
Betreff: RE: [Snort-users] BASE performance


Gentlemen,

Thank you for your replies.  It turns out my IDS config is to blame, and address resolution (unableto+waitingfortimeout) was leading to the delay/lag.  

For the record, if for some reason you'd like to turn address resolution off, Kevin Johnson advises: "In your base_conf.php file I would recommend changing $resolve_IP to equal 0 and try again."

Regards,

Andrew


-----Original Message-----
From: Michael Steele [mailto:michaels at ...9077...]
Sent: Monday, February 21, 2005 7:19 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] BASE performance


Can you tell us what optimizing the MySQL database might be, and the procedure?

I do understand that when the alerts are deleted, at least with ACID there are some remains of the alerts left behind. Can these be cleaned, and if so, how?

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users- 
> admin at lists.sourceforge.net] On Behalf Of Michael Stone
> Sent: Monday, February 21, 2005 4:05 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] BASE performance
> 
> On Mon, Feb 21, 2005 at 11:55:28AM -0700, Willy, Andrew wrote:
> >We're using BASE / Apache / Snort / MySQL on Win 2k, just recently 
> >installed.  Many lookups using this front end are very slow, 
> >sometimes taking 30-50 seconds to load. Our database is new and not 
> >very large. Processor (1ghz) utilization is between %0 and %3.  The 
> >inital home pages loads quickly, it's only lookups that crawl.
> 
> On the front page, how many total alerts does it report? For databases 
> processor is largely irrelevant--how much RAM do you have? Have you 
> done any mysql tuning?
> 
> Mike Stone
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real 
> users. Discover which products truly live up to the hype. Start 
> reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe: 
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: 
> http://www.geocrawler.com/redir-sf.php3?list=snort-users







-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged and may contain confidential health information. This email is intended to be reviewed only by the individual or organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to support at ...13018... - and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential health information is protected by state and federal law, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and related regulations.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list