Snort mailing list archives
RE: Snort, MySQL, Acid
From: "Whaley, Mike" <mwhaley () rightnow com>
Date: Mon, 6 May 2002 14:17:40 -0600
Hi Tim,

Just curious, what is your hardware configuration? I've got snort tuned down to about 10,000 events a day and run it on a Celeron 400 Mhz with 512 MB of PC100 ram. This is about all this box can handle and it runs at about 60% utilization all the time, sometimes pegged out for brief moments.

Well, take it easy.

Mike Whaley

-----Original Message-----
From: Tim Sailer [mailto:sailer () bnl gov]
Sent: Monday, May 06, 2002 1:37 PM
To: Anton A. Chuvakin
Cc: Redman, Ken; Snort Users List (E-mail)
Subject: Re: [Snort-users] Snort, MySQL, Acid

On Mon, May 06, 2002 at 03:32:54PM -0400, Anton A. Chuvakin wrote:
> Hello,
>
> > I think the easiest way, since you have ACID, is to query on your IP address in ACID, and then tell it to delete the whole query. It will clean up nicely.
>
> Not if you have 100,000 records or more.

Really? I guess it all depends on your hardware and configuration. We get 100k records or more on a bad day. 1-3 million records is the max we can handle in the database at one time. It's no speed demon by any stretch, but it still runs and doesn't crash.

Tim

> Sorry for a one-liner, but archiving/deleting with ACID for large databases is very unstable. I have not found a way to recover my ACID/snort database after it was flooded by thousands of records. That leaves it in pretty much unusable shape.
>
> Best,
> --
> Anton A. Chuvakin, Ph.D.
> http://www.chuvakin.org
> http://www.info-secure.org

--
Tim Sailer <sailer () bnl gov>
Brookhaven National Laboratory
(631) 344-3001

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:
- RE: Snort, MySQL, Acid Tom Sevy (May 03)
- <Possible follow-ups>
- Snort, MySQL, Acid Redman, Ken (May 03)
- Re: Snort, MySQL, Acid Tim Sailer (May 03)
- Re: Snort, MySQL, Acid Anton A. Chuvakin (May 06)
- Re: Snort, MySQL, Acid Tim Sailer (May 06)
- Re: Snort, MySQL, Acid Tim Sailer (May 03)
- RE: Snort, MySQL, Acid Whaley, Mike (May 06)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- RE: Snort, MySQL, Acid Whaley, Mike (May 06)
- RE: Snort, MySQL, Acid Whaley, Mike (May 07)
- snort, mysql, acid C White (Jun 13)