Snort mailing list archives
Re: Snort and high performance networks
From: "Aaron" <snort () microchp org>
Date: Mon, 24 May 2004 07:01:04 -0700
I have the database on just a dual p3/700mhz box with 4GB of ram and ACID does just fine no matter how many alerts it has. Loading the main page takes a bit but that has more to do with the stats it gathers.
Last month I had over 12 million events in the db and it had no problems.
If you search mysql.com, you can find several performance tips that will help, especially if you have plenty of memory to throw at the problem.
http://www.mysql.com/It is also a good idea to prune out the old alerts then run an optimize on the tables. If you are running barnyard, then this won't be a problem (since optimize will lock the tables).
Regards, Aaron
Date: Mon, 24 May 2004 15:33:35 +1200 From: Jason Haar <Jason.Haar () trimble co nz> Organization: Trimble Navigation Ltd. To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort and high performance networks Rafael Ortega wrote:How about OS? Also, anything special about the PCI bus and Ethernet card choices? (e.g. I don't think standard 33Mhz PCI can do 800Mbs)Hello, AllI'm currently snorting close to 800Mbps with no problem. What to do with the amount of info, is another story. I tried ACID, but after 24 hours and700,000 events registered, the data base becomes too slow, even after indexing certain reference fields. ...The sniffer is an Intel Xeon 2.4GHz with 1GB RAM running only snort andbarnyard.You are correct about ACID. I love it - but it really grinds to a halt around 100K records-- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10gGet certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Snort and high performance networks, (continued)
- RE: Snort and high performance networks Rafael Ortega (Jun 01)
- RE: Snort and high performance networks Kreimendahl, Chad J (May 20)
- RE: Snort and high performance networks Rafael Ortega (May 21)
- Re: Snort and high performance networks Jason Haar (May 23)
- RE: Snort and high performance networks snort user (May 21)
- Re: Snort and high performance networks Christopher Rapier (May 21)
- RE: Snort and high performance networks Rafael Ortega (May 21)
- Re: Snort and high performance networks snort user (May 21)
- RE: Snort and high performance networks SN ORT (May 21)
- RE: Snort and high performance networks Kreimendahl, Chad J (May 21)
- Re: Snort and high performance networks Aaron (May 24)
- High Speed Network Cards + rules? Adriel T. Desautels (May 24)
- Re: High Speed Network Cards + rules? Keith W. McCammon (May 24)
- Re: High Speed Network Cards + rules? Christopher Rapier (May 24)
- Re: High Speed Network Cards + rules? Matt Kettler (May 24)
- Re: High Speed Network Cards + rules? James Riden (May 24)
- Re: High Speed Network Cards + rules? James Riden (May 25)
- High Speed Network Cards + rules? Adriel T. Desautels (May 24)
- Re: High Speed Network Cards + rules? Tod Beardsley (May 24)
- Re: Re: Snort and high performance networks Aaron (May 25)
- Re: Re: Snort and high performance networks Micha Silver (May 26)