[Snort-users] Optimizing Snort, MySQL & BASE installation

Joel Esler joel.esler at ...1935...
Thu Oct 6 18:14:02 EDT 2005


In your base_conf.php there is a DNS Cache setting. Set it to 0.

Joel Esler

On Oct 6, 2005, at 7:54 PM, Willy, Andrew wrote:

> Maybe someone here can tell you how to disable domain lookup in BASE, I'm
> pretty sure it's possible though I don't remember how. Check your BASE
> config files, the line you need may be easy to find.
>
> Andrew
>
> -----Original Message-----
> From: Affan Basalamah [mailto:affanzbasalamah at ...11827...]
> Sent: Monday, July 04, 2005 8:33 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Optimizing Snort, MySQL & BASE installation
>
>
> Hi all,
>
> Currently we deploy Snort, MySQL and BASE on one box (FreeBSD/amd64
> 5.4-RELEASE, 1 GB RAM, 40 GB hard drive, 2 bge0 gigabit eth) to listen
> on one SPAN port on my Catalyst 6500. The SPAN port is mirroring 4
> 100Mbps FastEth ports. Installation is working fine, thanks to the
> FreeBSD Ports Collection.
>
> The problem with it is alert management. After running it for one
> day, the BASE console starts working slowly, takes a very long time to
> display the main console, and is unable to run queries on Most Recent 15
> Unique Alert and Most Frequent 5 Unique Alert. Mostly we have 1
> million alerts for 1 day of operation. I have already minimized my
> signatures to detect only the most frequent alerts, such as worm/virus.
> The false positives have been commented out of my snort.conf and
> signature files.




