Educause Security Discussion mailing list archives
Re: Snort IDS Frontends
From: Gerry Sneeringer <sneeri () UMD EDU>
Date: Fri, 11 Jul 2003 16:06:42 -0400
We try to keep it as close to zero as possible. We lose out on some of the ACID time based graphing doing this, but we are also syslogging the alerts and are able to develop some history from those records. Typically, we have less than 5000 records in the database at any one time, but we've worked happily with over 200,000. The day we enabled all stock signatures on our I2 link for a few hours and collected 2 million records was a different story :-(. Deleting tens of thousands of records in a bulk delete does provoke some thumb twiddling and we needed to increase the session timeout in the PHP code to get it done. -Gerry On Fri, 11 Jul 2003, Crawford, Charles D wrote:
Hi Gerry, Thanks for the reply, about how many records do you usually have in your DB?
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Snort IDS Frontends Crawford, Charles D (Jul 10)
- <Possible follow-ups>
- Re: Snort IDS Frontends Timothy Wright (Jul 10)
- Re: Snort IDS Frontends Gerry Sneeringer (Jul 11)
- Re: Snort IDS Frontends Crawford, Charles D (Jul 11)
- Re: Snort IDS Frontends Gerry Sneeringer (Jul 11)
- Re: Snort IDS Frontends Phil Rodrigues (Jul 14)