[Snort-users] Optimizing Snort, MySQL & BASE installation

Willy, Andrew AWilly at ...13017...
Thu Oct 6 16:55:29 EDT 2005

Maybe someone here can tell you how to disable domain lookup in BASE, I'm
pretty sure it's possible though I don't remember how.  Check your BASE
config files, the line you need may be easy to find.


-----Original Message-----
From: Affan Basalamah [mailto:affanzbasalamah at ...11827...]
Sent: Monday, July 04, 2005 8:33 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Optimizing Snort, MySQL & BASE installation

Hi all,

Currently we deploy Snort, MySQL and BASE on one box (FreeBSD/amd64
5.4-RELEASE, 1 GB RAM, 40 GB Harddrive, 2 bge0 gigabit eth) to listen
on one SPAN port on my Catalyst 6500. SPAN port is mirroring 4 100Mbps
FastEth port. Installation is working fine, thanks to FreeBSD Ports

The problem about it is Alert management. After running it for one
day, the BASE console start working slowly, took very long time to
display the main console, and unable to run queries on Most Recent 15
Unique Alert and Most Frequent 5 Unique Alert. Mostly we have 1
million Alert for 1 day operation. I have already minimize my
signature to detect only most frequent alert, such as worm/virus. The
false positives have been commented out of my snort.conf and signature
NOTICE OF CONFIDENTIALITY-The information in this email, including
attachments, may be confidential and/or privileged and may contain
confidential health information. This email is intended to be reviewed only
by the individual or organization named as addressee. If you have received
this email in error please notify Scottsdale Medical Imaging, an affiliate
of Southwest Diagnostic Imaging, LTD immediately - by return message to the
sender or to support at ...13018... - and destroy all copies of this message and
any attachments. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent those
of Scottsdale Medical Imaging. Confidential health information is protected
by state and federal law, including, but not limited to, the Health
Insurance Portability and Accountability Act of 1996 and related

More information about the Snort-users mailing list