Snort mailing list archives

RE: ACID/MySql DB performance


From: "McPheeters, Scott" <smcpheeters () fnms-indy com>
Date: Fri, 21 Feb 2003 12:35:14 -0500

I just followed one of the FAQs on the optimizations and performance.

http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html#faq_b10


Scott

-----Original Message-----
From: Anton A. Chuvakin [mailto:anton () chuvakin org]
Sent: Friday, February 21, 2003 11:56 AM
To: McPheeters, Scott
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] ACID/MySql DB performance
Importance: High


Scott and all,

I normally see a pretty big performance change around 100k alerts, at
that point the "snap" is gone and the system has to think about each
page. I am still working on my rules, does it ever end? hehe, so I can
run anywhere between 50k and 300k.

How many alerts do you try to keep your databases at?
At 400k events it's painfully, unbearably slow on a good PIII box with
512MB of RAM.

When do you start feeling the performance differences??
About 200K, I'd say. What is WORSE is that when some of the alerts are
removed and the db size goes down to about 50K events the database stays
slow! Only the drop heals it.

I have done the extra indexes and I check the tables for
optimizations.
Could you provide more details on what was done??

In fact, I will be happy if more people would share their MySQL
performance optimization tips... :-)

Best,
-- 
  Anton A. Chuvakin, Ph.D., GCIA
     http://www.chuvakin.org
   http://www.info-secure.org


