Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort log previewing with Acid.

From: Erek Adams <erek () snort org>
Date: Thu, 16 Jan 2003 09:49:27 -0500 (EST)
On Thu, 16 Jan 2003, Anthony Liberty wrote:


i've trouble when previewing snort report with acid.
when the attack data is small, acid can show the alert report.
but when the attack data is quite large , acid can't show the alert report.

anybody has any idea how to tuning up this acid-mysql. i'm quessing this is
a problem of memory ,coz mysql needs large memory to query large data.
my memory is 128Mb,with 512 swap and PIII-800.

is there any script to be add to tuning up this acid report , or have u ever
try to change mysql to postgressSQL , is it more faster ?


You're right.  You really need more memory on that box.  Get as much on it
as you can.  You really can't ever get 'too much'.

As for speeding up MySQL, check the archives [0].  There was some
discussion on the list or snort-dev about improving performance on MySQL.
I don't recall exactly what, but I think it was adding some indexes to the
tables.

Cheers!

-----
Erek Adams

   "When things get weird, the wierd turn pro."   H.S. Thompson


[0]     http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2


-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache 
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: