Snort mailing list archives

Re: Snort log previewing with Acid.


From: Joseph Gresham <joe () onshore com>
Date: 17 Jan 2003 09:39:17 -0600

I find that MySQL is lots faster (see
http://www.andrew.cmu.edu/~rdanyliw/snort/perf/acid_perf.html ).
If you are having a hard time with large alerts it is probably the
max_script_runtime variable in acid_conf.php.  This will basically stop
the script after x seconds of execution.  I had to increase this value
to 1800 seconds for some queries to work.

On Wed, 2003-01-15 at 20:16, Anthony Liberty wrote:
hi snort user,

I have trouble when previewing the snort report with acid.
When the attack data is small, acid can show the alert report.
But when the attack data is quite large, acid can't show the alert report.

Does anybody have any idea how to tune up this acid-mysql? I'm guessing this is
a problem of memory, coz mysql needs large memory to query large data.
My memory is 128Mb, with 512 swap and PIII-800.

Is there any script to add to tune up this acid report, or have you ever
tried to change mysql to PostgreSQL, is it faster?


thanks,
--thony--


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Joseph J. Gresham Jr.
Systems Integration/Network Engineer
OnShore Inc.
312-850-5200 x.138






