RE: Clearing the snort database

["LaRose, Dallas" <dlpassport () s2access com>]

> I doubt the database is "full".  What's probably happening is that
> ACID can no longer load its tables in a reasonable amount of time.
> The bigger the database, the slower ACID loads.

I had some performance issues early in the game with ACID.  I found
that the incremental updates on the alert cache are what caused the
performance issues, not database size.  To circumvent this issue, I
configured wget in cron to update the alert cache and configured
ACID not to update the cache when loading the page.  This really
helped.


> I suspect the database is full so i want to clear it but 
> being new to IDS i'm not sure how.

The easiest way I find to clear this is to drop the database,
Recreate using the create_mysql script from the contrib dir, then
regrant permissions.  To build the ACID tables, just start the
ACID interface and create the AGs.

If you need more details, let me know.

dallas


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users