Snort mailing list archives
Re: Over 1 Million records in ACID.....
From: "David E. Gianndrea" <daveg () comsquared com>
Date: Thu, 27 Mar 2003 15:06:31 -0500
I had the same thing happen to me, but with a different rule. I added this to my /etc/my.cnf file:

    [mysqld]
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    skip-innodb
    set-variable = table_cache=256
    set-variable = key_buffer=64M
    set-variable = sort_buffer=4M

Be sure to read the docs for MySQL BEFORE using these. I'm not a DBA, but it helped out some with the performance of MySQL.

--
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Web: www.comsquared.com
Email: dgianndrea () comsquared com

Ghercoias, Catalin wrote:
Hi,

I got over 1 (one) million records in ACID under one of the classifications.

< Classification > < Total > < Sensor# > < Signatures > < Src.Addr. > < Dest.Addr. >
non-standard-protocol 1176682(73%) 1 15331 5174

This is due to the fact that I turned on the rule "sid: 1620; rev: 3; msg: "BAD TRAFFIC Non-Standard IP protocol"; ip_proto: !89; classtype: non-standard-protocol;)". Big mistake!!!!!

Now that I've learned from this mistake, how can I get rid of these records? Trying to delete them from the ACID console won't work. I also tried Mysql ControlCenter (for windows is true), but it is still not working and sometimes crashes, although I have increased the values of 'max_script_runtime=1800' in acid_php.conf; 'max_execution_time=1800' and memory_limit=128M (it was 8M) in php.ini.

I must say that MySQL and ACID are running on a dual-processor Pentium III@800 MHz with two hard drives of 32 gigabytes ULTRA3-SCSI mirrored (RAID 0) and 1 gigabyte of RAM. This box is running RedHat Linux 7.3, Mysql 4.0, ACID, Apache 1.3.27. The snort agents are running on separate machines. With all these, trying to access/delete in ACID takes minutes until something loads in the browser.

Thank you very much in advance,
Catalin Ghercoias.

-------------------------------------------------------
This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There!
NetWorld+Interop Las Vegas 2003 -- Register today!
http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users