[Snort-users] BASE performance

Wes Young wcyoung at ...12754...
Tue Feb 22 07:15:36 EST 2005

Just a comment: What about adding a Perl script like aaval uses to do
all that in the background when the CPU util is low... let it generate
all the hostnames and populate the tables etc in the background as the
information is received into the snort db?

Willy, Andrew wrote:
| Gentlemen,
| Thank you for your replies.  It turns out my IDS config is to blame, and
| address resolution (unable to + waiting for timeout) was leading to the
| delay/lag.
| For the record, if for some reason you'd like to turn address resolution
| off, Kevin Johnson advises: "In your base_conf.php file I would recommend
| changing $resolve_IP to equal 0 and try again."
| Regards,
| Andrew
| -----Original Message-----
| From: Michael Steele [mailto:michaels at ...9077...]
| Sent: Monday, February 21, 2005 7:19 PM
| To: snort-users at lists.sourceforge.net
| Subject: RE: [Snort-users] BASE performance
| Can you tell us what optimizing the MySQL database might be, and the
| procedure?
| I do understand that when the alerts are deleted, at least with ACID there
| are some remains of the alerts left behind. Can these be cleaned, and
| if so, how?
| Kindest regards,
| Michael...
| WINSNORT.com Management Team Member

--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
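
A sketch of the background-resolution idea raised in this message, as an added example that is not part of the original post and not BASE or snort code: lookups run out of band with a bounded wait, failures are remembered, and the page render path only reads the cache. The function names, the `NEGATIVE_TTL` value, the dict standing in for the database table and the documentation-range addresses are all assumptions made for illustration.

```python
import concurrent.futures as cf
import socket
import time

NEGATIVE_TTL = 3600  # assumed value: seconds before a failed lookup is retried

def reverse_lookup(ip):
    """Live PTR lookup; blocks for as long as the OS resolver takes."""
    return socket.gethostbyaddr(ip)[0]

def demo_resolver(ip):
    """Constructed stand-in for DNS so the example runs offline."""
    if ip == "198.51.100.7":          # simulates a name server that is slow to answer
        time.sleep(1.0)
    names = {"192.0.2.10": "sensor1.example.test"}
    if ip not in names:
        raise socket.herror(1, "Unknown host")
    return names[ip]

def populate_cache(ips, cache, resolver=reverse_lookup, timeout=2.0, workers=8):
    """Background job: resolve uncached IPs, giving the whole batch `timeout` seconds."""
    now = time.time()
    todo = [ip for ip in set(ips)
            if ip not in cache
            or (cache[ip][0] is None and now - cache[ip][1] > NEGATIVE_TTL)]
    pool = cf.ThreadPoolExecutor(max_workers=workers)
    futures = {pool.submit(resolver, ip): ip for ip in todo}
    done, pending = cf.wait(futures, timeout=timeout)
    for fut in done:
        try:
            cache[futures[fut]] = (fut.result(), now)
        except OSError:               # herror/gaierror: no PTR record
            cache[futures[fut]] = (None, now)
    stuck = 0
    for fut in pending:
        if not fut.cancel():          # already started: treat as timed out
            cache[futures[fut]] = (None, now)
            stuck += 1
    pool.shutdown(wait=False)         # do not join lookups that are still blocked
    return len(done), stuck

def display_name(ip, cache):
    """Page render path: cache read only, never a live lookup."""
    entry = cache.get(ip)
    return entry[0] if entry and entry[0] else ip

if __name__ == "__main__":
    cache = {}
    print(populate_cache(["192.0.2.10", "192.0.2.20", "198.51.100.7"], cache, demo_resolver, 0.2))
    print([display_name(ip, cache) for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7")])
```

Lookups that were queued but never started when the deadline passed are left out of the cache, so the next run tries them again instead of waiting out the negative TTL.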