Snort mailing list archives
RE: Speeding up mysql
From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Fri, 19 Oct 2001 10:11:29 -0700
What schema are you using? What version of Mysql? I'm using schema 104, Mysql 3.23.43 and according to the mysql manual (looking at mysql.com) it says that indexes are automatically made on Primary keynames. So doing a "show index from <tbl_name>" shows that each of the tables that contain a CID column are indexed already. Same thing with signature in the event table and sig_id in the signature table.
-----Original Message----- From: quentyn () fotango com [mailto:quentyn () fotango com] Sent: Friday, October 19, 2001 09:42 To: snort-users () lists sourceforge net Subject: [Snort-users] Speeding up mysql Hi all, this my be of use to everyone logging snort to a mysql db (don't know about others) we were having problem with the mysql backend to snort with respect to speed. Using snort report took over 3mins to generate (using Snort Report Version 1.06). My colleague managed to grab one of our developers and came up with the following changes to the mysql db structure (if this kills your DB we take *NO* responsibility) .... alter table iphdr add index(cid); alter table event add index(cid); alter table tcphdr add index(cid); alter table event add index(signature); alter table signature add index(sig_id); now the report comes back in seconds (with 34044 records in event) whereas it use to take 3-4 mins (on a single 800 with 2Gb RAM) He is now looking at optimizing the PHP to see if he can speed up that. YMMV - but I hope it helps. Q -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### Quidquid latine dictum sit, altum viditur (anything said in Latin sounds lofty) _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Speeding up mysql quentyn (Oct 19)
- <Possible follow-ups>
- RE: Speeding up mysql Kevin Brown (Oct 19)
- Re: Speeding up mysql quentyn (Oct 19)
- RE: Speeding up mysql Hutchinson, Andrew (Oct 19)