Snort mailing list archives
Re: Acid slowness
From: "Dusty Hall" <halljer () auburn edu>
Date: Thu, 17 Apr 2003 07:47:40 -0500
Just try the following, it might help.

mysql -p -u root -D snort
show tables;
optimize table ag_alert,acid_event,....etc

-Dusty
JP Vossen <vossenjp () netaxs com> 4/17/2003 12:37:32 AM >>>
Message: 2
Date: Wed, 16 Apr 2003 14:27:50 -0500
From: "Dusty Hall" <halljer () auburn edu>
To: <vulcan20mm1 () comcast net>,<mike () mentges org>
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Acid slowness

Did you take a look at the snort supplied optimize script?
Do you have a pointer for that? I could not find anything in the Snort 2 source (esp contrib). Or do you mean [0]?
Essentially you can just login mysql, use snort, optimize each table (optimize table acid_ag,acid_events....etc). That usually works pretty well for me.
But only if there are "holes" in the data? Or not? See the script for that in [0].

I am running Snort/ACID on an ancient P133. It ran OK (slow, but OK) at first. Now I'm at around 140K records and it's a slug. I have not made a really serious tuning attempt, but per [0] I did check the indexes. Contrary to [0] all three recommended indexes already existed. (See below.) I know H/W is cheap but this is a home project on the side, so... Don't laugh, the honeypot is a 486. :-)

I did also poke around the ACID FAQ, but again not too seriously yet. I also made some tweaks to /etc/my.cnf (as per /usr/share/doc/mysql-server-3.23.54a/my-medium.cnf)... Didn't seem to affect anything.

TIA,
JP

[0] http://archives.neohapsis.com/archives/snort/2002-07/0407.html

Snort 1.9.1 (but I only had the 2.0.0 source handy)
ACID 0.9.6b23
The SQL create scripts were from Snort 1.9.1 and ACID 0.9.6b23.

mysql> show index from tcphdr\G
*************************** 3. row ***************************
       Table: tcphdr
  Non_unique: 1
    Key_name: tcp_sport
Seq_in_index: 1
 Column_name: tcp_sport
*************************** 4. row ***************************
       Table: tcphdr
  Non_unique: 1
    Key_name: tcp_dport
Seq_in_index: 1
 Column_name: tcp_dport

mysql> show index from acid_ag_alert\G
*************************** 5. row ***************************
       Table: acid_ag_alert
  Non_unique: 1
    Key_name: ag_sid
Seq_in_index: 1
 Column_name: ag_sid
*************************** 6. row ***************************
       Table: acid_ag_alert
  Non_unique: 1
    Key_name: ag_sid
Seq_in_index: 2
 Column_name: ag_cid

------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|        jp () jpsdomain org
My Account, My Opinions       |=========|      http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
"The software said it requires Windows 98 or better, so I installed Linux..."
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Acid slowness Comcast (Apr 16)
- Re: Acid slowness Mike Mentges (Apr 16)
- <Possible follow-ups>
- Re: Acid slowness Dusty Hall (Apr 16)
- Re: Acid slowness JP Vossen (Apr 16)
- Re: Acid slowness Dusty Hall (Apr 17)
- RE: Acid slowness francisv (Apr 21)
- Re: Acid slowness Dusty Hall (Apr 22)