Re: Snort performance and maintenance

[Joel Esler <joel.esler () sourcefire com>]

I suggest you move the input of alert data into the database to  
Barnyard.   (If you are not already doing so)

I would also periodically clean out the DB (clean out old stuff, and  
stuff you don't need.)

Finally, switch to BASE instead of ACID.  http://base.secureideas.net

Joel



On Nov 1, 2005, at 11:17 AM, Hubert Edward kIYIMBA wrote:

> My snort IDS has got 40GB Hard disk, 3GHz microprocessor speed and  
> 1GB RAM. It is connected so as to capture traffic from the internet  
> into the network. This machine has been running for three months now.
>
> The machine has deteriorated in performance. It is so slow. The  
> ACID takes so long to load. The current statistics from the machine  
> is as follows
>
>  using command # free -t -m the following is displayed
>
>         Total   used    free    shared  buffers cashed
> Mem     996     987     9       0       652     777
> -/+bufferscasche                147     849                     
> swap    2047    207     1840                    
> Total   3044    1195    1849                    
>
> using the top command I discovered that MS-SQL takes 40 to 50 % CPU  
> usage full time.
>
>
> I am seeking advice on how to improve the performance of the IDS
>
>
> Thanks
>
>
> Yahoo! FareChase - Search multiple travel sites in one click.