Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort 1.7 and Acid 0.9.6b9 and MySQL 3.23.32

From: roman () danyliw com
Date: Wed, 16 May 2001 09:41:35 US/Eastern
 I am assuming he is  running similar versions of the 
os/snort/and acid (almost positive)


- Is it certain that both you and your colleague have the same
"max_execution_time" paramter in PHP set?

- Is there interest (and comforty) in the community for ACID to 
directly modify this paramerter to facilitate "long running" 
operations?


 the cpu utilization all most peaks for the mysql process during 
this query)


This consequence is not so surprising since in the current
implementation you will be making n-database requests
for n-alerts to delete.  Delete is a rather disk and cpu intensive
operation.  It need to both analysze the correct records (cpu),
and read/write the results (disk).  That being said, optimizations
to the current delete algorithm need to be made (there is much
room for improvement).

cheers,
Roman


I am using Snort 1.7 and ACID 0.9.6b9 with mysql 3.23.32 on a dual 733 w/
256 mb Ram on a RH 7.0 machine.

When using ACID, any query (today's unique alerts, etc) would take about
10-15 secs for a complete response (~15 unique alerts, nothing huge) and
full info on the page.  When I go to delete ..say 70,000 records out of
about 300,000 the php script times out (30 secs execution timeout)  I was
talking to a friend who runs snort on a similar box and he was explaining
that hes deleted 100,000+ records w/o any timeout errors, and the overall
operation of acid and its queries is very responsive.  I am assuming he is
running similar versions of the os/snort/and acid (almost positive) (note:
the cpu utilization all most peaks for the mysql process during this query)

...any ideas?

-Chris

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: