Snort mailing list archives
RE: SnortSnarf taking long time to run..???
From: Owen Creger <OCreger () CreativeSolutions com>
Date: Sat, 17 Aug 2002 08:49:48 -0400
I had run into the same problem. SnortSnarf would take an unacceptable amount of time and consume 100% of the processor. I solved this by moving to using MySQL and ACID. I have come to like ACID much better than SnortSnarf. IMHO SnortSnarf is a great product, but only for low volume situations. Once your logs get too big, SnortSnarf has problems with speed and processor utilization.

Owen C. Creger CCNA, CISSP
Info. Sec. Administrator
Creative Solutions, a Thomson Company.
7322 Newman Blvd.
Dexter, MI 48130
email: ocreger () creativesolutions com
ph: 734-426-5860 ex. 3787
fax: 734-426-5946
cell: 734-223-6270
-----Original Message-----
From: David Bizzle [mailto:dbizzle () compunet1 com]
Sent: Friday, August 16, 2002 3:10 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] SnortSnarf taking long time to run..???

When I run snortsnarf, it's taking DAYS (I mean DAYS) to process these logs that I have. I'm trying to process the weekly log files generated by snort. There are only 3 of them, about 50mgs a piece. I don't understand why it's taking so long to process. Just really want to know if anyone else is having this problem or is it something I'm doing.

Here is my command:

./snortsnarf.pl -d /var/www/html/SnortSnarf -db /var/www/html/SnortSnarf/annotations/new-annotation-base.xml -dns -rulesfile /root/snort.conf -ldir "file://var/log/snort/" /root/alert.weekly /root/alert.weekly.1 /root/alert.weekly.2

Any ideas?

thanks
david

-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SnortSnarf taking long time to run..??? David Bizzle (Aug 16)
- Re: SnortSnarf taking long time to run..??? James Hoagland (Aug 20)
- <Possible follow-ups>
- RE: SnortSnarf taking long time to run..??? Owen Creger (Aug 17)
- RE: SnortSnarf taking long time to run..??? Cloppert, Michael (Aug 20)