Re: Snort-DNS lookup question

[Josh Berry <jberry () penson com>]

This is ACID doing the DNS lookup, not snort.  You can fix this by
editing the acid_conf.php file and changing to this value:

resolve_IP = 0;

Other tweaks:

1) show_summary_stats = 0; # This will disable showing stats at the top
2) event_cache_auto_update = 0; # Huge performance boost but you will
have to manually update your cache
3) main_page_detail = 0; # Has to do with summary stats
4) show_previous_alert = 0; # Will only show first/last alert

Also, if you regularly delete data from ACID you should optimize your
database.  When I used ACID I use to have this run from cron once a
week:

for table in `echo show tables | mysql <name_of_snort_db> | tail +2`
do
        echo optimize table $table | mysql <name_of_snort_db>
done

This requires the root user to have access to the db without a password
from localhost.  If the root user does not have this access you can
specify one that does with -u <user_name> after the dbname.  Or if you
need a password you can do a -u <user_name> --password=<password>.


On Wed, 2004-08-18 at 08:52, Clayton Mascarenhas wrote:
> Hi
>
> When I run Acid.. it takes a lot of time to show up..
> I'm guessing its because of the excessive number of
> alerts I am receiving. Inorder for me to improve the
> speed ... in a little way...  is there any way in
> snort where I can remove its capability of trying to
> look up the DNS to try to resolve the ip addresses it
> catches in the alert files. My thinking is that by
> stopping this function in snort... Acid wont have that
> "FQDN" column that always shows me Unable to resolve
> address... thus improving the speed. Please could
> someone correct me if I am wrong... or let me know how
> to remove the DNS lookup in snort. 
>
> Thanks
>
> Clayton
>
>
>               
> __________________________________
> Do you Yahoo!?
> New and Improved Yahoo! Mail - Send 10MB messages!
> http://promotions.yahoo.com/new_mail
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
> 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
> Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
> http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users