No subject


Thu Nov 23 16:36:19 EST 2017


  9:40am  up 21 days, 20:24,  2 users,  load average: 1.64, 1.05, 0.50
30 processes: 28 sleeping, 2 running, 0 zombie, 0 stopped
CPU states:  3.5% user, 29.2% system, 27.3% nice, 39.7% idle
Mem:  1036256K av,  536808K used,  499448K free, 11896K shrd, 475916K buff
Swap:  128512K av,       0K used,  128512K free               18800K cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT  LIB %CPU %MEM   TIME COMMAND
24738 mysql     12   5  9540 9540  1044 R N     0 88.4  0.9   2:13 mysqld
24737 root       1   0  1088 1088   588 S       0 20.0  0.1   0:32 snort
 1199 mysql      6   5  9540 9540  1044 S N     0  9.9  0.9   1:16 mysqld
24769 root       1   0   864  864   684 R       0  0.7  0.0   0:02 top


And the size of the MySQL database:

        09:52:06: 100 k (an empty database)
        09:52:30: 3796 k
        09:52:38: 5012 k
        09:53:40: 14544 k
        09:54:00: 17620 k
        09:54:30: 22096 k
        09:54:43: 24124 k
        09:55:55: 34932 k


[root at ...311...:/data/mysql/snort]# ls -l *ISD
-rw-rw----    1 mysql    mysql     6391045 Aug 11 09:56 event.ISD
-rw-rw----    1 mysql    mysql        3872 Aug 11 09:56 icmphdr.ISD
-rw-rw----    1 mysql    mysql     5229009 Aug 11 09:56 iphdr.ISD
-rw-rw----    1 mysql    mysql          24 Aug 11 09:52 sensor.ISD
-rw-rw----    1 mysql    mysql     3865060 Aug 11 09:56 tcphdr.ISD
-rw-rw----    1 mysql    mysql         992 Aug 11 09:56 udphdr.ISD



And a little example of why I don't like that all packages are creating
an event:

mysql> select count(*) from event;        
+----------+
| count(*) |
+----------+
|   193668 |
+----------+
1 row in set (0.00 sec)

mysql> select * from event where signature != "NULL MESSAGE";
+-----+-------+---------------+---------------------+
| sid | cid   | signature     | timestamp           |
+-----+-------+---------------+---------------------+
|   1 | 14040 | FTP-bad-login | 2000-08-11 09:52:24 |
+-----+-------+---------------+---------------------+
1 row in set (0.65 sec)


-- 
Some people claim that the UNIX learning curve is steep, but at least you
only have to climb it once.
