Re: Snort-users digest, Vol 1 #1451 - 8 msgs

[Wynn Fenwick <wfenwick () FHLSim com>]

Postgresql 7.1.3, Redhat 7.2, ACID 0.9.6b19, Compaq ML370 (dual P-III 400s I
think?)

We did a move of 3000 alerts to the archive database in 569 seconds today.
However, this machine does lots of other stuff, you are doing a lot of selects and
inserts, and postgres is much slower than MySQL.

There are some threads google finds on performance tuning including making sure
all your indexes are there, and there is a lot of PGSQL tuning you can do.

W

snort-users-request () lists sourceforge net wrote:

> Subject: Re: [Snort-users] Deleting messages in ACID (wh~~~~
> Date: Fri, 4 Jan 2002 09:54:05 -0700
> From: Phil Wood <cpw () lanl gov>
> To: Daedalus <daedalus () ripco com>
> CC: snort-users () lists sourceforge net
> References: <m16MWrt-000Ko7C () ripco com>
>
> On Fri, Jan 04, 2002 at 10:06:52AM -0600, Daedalus wrote:
> > About how long should it take to delete ~1000 alerts from a Postgresql
> > database using ACID?
>
> It takes me about 129 seconds to delete 8000 alerts in MYSQL.
> I only had 28244 alerts to start.  This was on a PII 300Mhz.
>
> My acid version is: ACID v0.9.6b20, snort is 1.8.3(88)
>
> > When I try this I get different results, none of them satisfactory.
> > Most often the browser will sit for a few hours then return the
> > top of an ACID page including the message about how many alerts
> > where added to the cache, but blank after that. The DB has about
> > 150,000 alerts in it. (I'm still working on thining out my rule
> > sets ;-))
> >
> > P2 500Mhz
> > RH 7.2
> > Postgresql the came with RH 7.2
> > latest ACID and required stuff
> >
> > Thanks for any insight,
> > -Bill


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users