Re: Snort IDS Frontends

[Gerry Sneeringer <sneeri () UMD EDU>]

We try to keep it as close to zero as possible.  We lose out on
some of the ACID time based graphing doing this, but we are
also syslogging the alerts and are able to develop some history
from those records.

Typically, we have less than 5000 records in the database at any
one time, but we've worked happily with over 200,000.  The day we
enabled all stock signatures on our I2 link for a few hours and
collected 2 million records was a different story :-(.  Deleting
tens of thousands of records in a bulk delete does provoke some
thumb twiddling and we needed to increase the session timeout in
the PHP code to get it done.

-Gerry

On Fri, 11 Jul 2003, Crawford, Charles D wrote:

> Hi Gerry,
>
> Thanks for the reply, about how many records do you usually have in your DB?

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.