Snort mailing list archives

Re: Snort, MySQL, Acid


From: Tim Sailer <sailer () bnl gov>
Date: Mon, 6 May 2002 15:37:24 -0400

On Mon, May 06, 2002 at 03:32:54PM -0400, Anton A. Chuvakin wrote:
> Hello,
>
> > I think the easiest way, since you have ACID, is to query on your IP
> > address in ACID, and then tell it to delete the whole query. It will
> > clean up nicely.
>
> Not if you have 100,000 records or more.

Really? I guess it all depends on your hardware and configuration.
We get 100k records or more on a bad day. 1-3 million records
is the max we can handle in the database at one time. It's no speed
demon by any stretch, but it still runs and doesn't crash.

Tim

> Sorry for a one-liner, but archiving/deleting with ACID for large
> databases is very unstable. I have not found a way to recover my
> ACID/snort database after it was flooded by thousands of records. That
> leaves it in pretty much unusable shape.
>
> Best,
> --
>      Anton A. Chuvakin, Ph.D.
>      http://www.chuvakin.org
>      http://www.info-secure.org



-- 
Tim Sailer <sailer () bnl gov> 
Brookhaven National Laboratory  (631) 344-3001
