Snort mailing list archives
AW: BASE performance
From: "Lieker Heinrich" <hlieker () dohle com>
Date: Tue, 22 Feb 2005 16:02:16 +0100
Hello! I have a similar problem. I'm using BASE with a postgresql server. When I refresh the start page, BASE needs lots of seconds to load. I have many alarms added to the database per minute. Do you have any ideas, what I should check oder optimize? Thank you! Regards, Heinrich -----Ursprüngliche Nachricht----- Von: Willy, Andrew [mailto:AWilly () eSMIL net] Gesendet: Dienstag, 22. Februar 2005 15:53 An: snort-users () lists sourceforge net Cc: 'Joel Esler'; 'Kevin Johnson'; 'Michael Stone'; 'Michael Steele' Betreff: RE: [Snort-users] BASE performance Gentlemen, Thank you for your replies. It turns out my IDS config is to blame, and address resolution (unableto+waitingfortimeout) was leading to the delay/lag. For the record, if for some reason you'd like to turn address resolution off, Kevin Johnson advises: "In your base_conf.php file I would recommend changing $resolve_IP to equal 0 and try again." Regards, Andrew -----Original Message----- From: Michael Steele [mailto:michaels () winsnort com] Sent: Monday, February 21, 2005 7:19 PM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] BASE performance Can you tell us what optimizing the MySQL database might be, and the procedure? I do understand that when the alerts are deleted, at least with ACID there are some remains of the alerts left behind. Can these be cleaned, and if so, how? Kindest regards, Michael... WINSNORT.com Management Team Member -- Pick up your FREE Windows or UNIX Snort installation guides mailto:support () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users- admin () lists sourceforge net] On Behalf Of Michael Stone Sent: Monday, February 21, 2005 4:05 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] BASE performance On Mon, Feb 21, 2005 at 11:55:28AM -0700, Willy, Andrew wrote:We're using BASE / Apache / Snort / MySQL on Win 2k, just recently installed. Many lookups using this front end are very slow, sometimes taking 30-50 seconds to load. Our database is new and not very large. Processor (1ghz) utilization is between %0 and %3. The inital home pages loads quickly, it's only lookups that crawl.On the front page, how many total alerts does it report? For databases processor is largely irrelevant--how much RAM do you have? Have you done any mysql tuning? Mike Stone ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged and may contain confidential health information. This email is intended to be reviewed only by the individual or organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to support () esmil com - and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential health information is protected by state and federal law, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and related regulations. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: BASE performance Lieker Heinrich (Feb 22)
- Re: AW: BASE performance James Riden (Feb 22)
- Snort not seeing all packets sEc nErD (Feb 22)
- Re: Snort not seeing all packets Matt Kettler (Feb 22)
- Snort not seeing all packets sEc nErD (Feb 22)
- Re: AW: BASE performance James Riden (Feb 22)