Snort mailing list archives
RE: Question on database for Snort
From: Erek Adams <erek () snort org>
Date: Tue, 1 Apr 2003 09:31:32 -0500 (EST)
On Tue, 1 Apr 2003, FWAdmin wrote:
> Great response so far guys.
If easily offended, please skip the next section and see the lower response.

<rant mode on>

Hi, Good morning. Since we, the collective snort-users community, didn't respond fast enough to satisfy you, we would sincerely like to tell you to take a long walk off a very short pier. Thank you, have a nice day.

Now, let's put this into perspective: You are using an OpenSource program. You are asking questions of the OpenSource community for that program. You will be using this information for "a customer", which implies a monetary gain from this. We (the community) are helping out of the goodness and willingness of our own hearts--Translation, we're not getting paid.

Now, I'm all for helping people and that's pretty damned obvious. But when someone becomes a bit aggravated over the fact their question wasn't answered in what _they_ consider a timely manner--It just amazes me. It makes me _not_ want to help that person. If they are going to be that crass and rude, why should I take the time from my life to help?

I have a life--Ok, It may not seem that way, but I do. I have doctor appointments, lunch with the wife, job interviews, and dinner to cook. I don't always _want_ to take time to answer questions. Sometimes I see an email that _really_ raises my blood pressure. This is a perfect example. You have apparently done _no_ research. You've gotten no data on your own. If you have, you don't mention it.

So at this point, the way it's coming across: "Hi, I can't do my own job. Do it for me. I can't think on my own. Please do it for me. If you don't do my job right now, I'm going to throw a temper tantrum." I might and could be off base with this, but that's the way you come across. I'm usually quite calm and easy going, but I'm sorry, this just pushed my last nerve.
Please, in the future before you post, read these two links:

http://marc.theaimsgroup.com/?l=snort-users&m=104230179003344&w=2
http://www.theadamsfamily.net/~erek/snort/drinking_game.txt

</rant mode>

Now that that's over, let's see what we can do to get you an answer.
> Anyone use Microsoft SQL Server 2000? Just curious.
Yes, quite a few. Check the mailing list archives [0] for mssql.
> -----Original Message-----
> From: FWAdmin [mailto:FWAdmin () nbpower com]
> Sent: March 31, 2003 10:42
> To: Snort-Users
> Subject: [Snort-users] Question on database for Snort
>
> Hello all. I am going to be doing a rather large Snort deployment for a customer and I would like some opinions as to what back end database to use for the Snort log files and data. I am using Red Hat 7.3 with MySQL and ACID right now, but I would like to hear what others use in their customer environments. We will probably stick with HP / Compaq hardware, as that is the environment standard, but that is also open to suggestions or comments.
MySQL, Postgres, Oracle and MSSQL are the most common. Oracle isn't supported via ACID, so you'd have to use something else. From a recent discussion on the list, it seems that ACID starts to have problems with its SQL queries around ~800k alerts. Other folks who are using their own interface are getting excellent response times well into the 1.6m alert range.

Short Answer: Use what you know and what you are comfortable with. You will have to do DB maintenance, so keep in mind that you want it to be 'usable'. With MySQL+ACID you will have to prune the DB often to keep it manageable.

Oh, and 4 penalty drinks. :) (Trim those sigs next time!)

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

[0] http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2