Snort mailing list archives
Re: Mysql Performance with snort and demarc/puresecure
From: "Greg Robinson" <greg () diverdown cc>
Date: Fri, 12 Jul 2002 09:22:35 -0500
I am logging about that many hits to the database as well....what I have done is seperate mysql off of the sensor....and then seperated demarc and apache off to a yet another box....kind of a 3 tiered approach... I got a huge performace gain from this config.....also my snort sensor has two interfaces in it....one for just snort to run on and collect data....and the other is connected to the network with mysql .....so that way I am not trying to write to the database on the same interface that i am collecting data on..... Hope this helps..... Greg ----- Original Message ----- From: "Michael Gargiullo" <gargiullo () comcast net> To: "Dave Packham" <dave.packham () utah edu> Cc: <snort-users () lists sourceforge net> Sent: Thursday, July 11, 2002 9:16 PM Subject: Re: [Snort-users] Mysql Performance with snort and demarc/puresecure
Have you checked out the mysql site for performance tips? On Sun, 2002-07-07 at 23:52, Dave Packham wrote:I am using a dual GIG CPU box with 1 GIG of ram with demark/puresecure and logging about 20k+ events per hour into my snort collector with MySql. I have used the my-huge.cnf file to allow MySql to use a ton of ram. My question is... what are some other tweaks that I can use at the OS or MySql level to get better performance? Hdparm? Mysqloptimize? Can I pre build some lookups during the night etc? Anything? Thanks Dave Packham U of Utah ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Oh, it's good to be a geek. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek PC Mods, Computing goodies, cases & more http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Gadgets, caffeine, t-shirts, fun stuff. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Mysql Performance with snort and demarc/puresecure Dave Packham (Jul 08)
- Re: Mysql Performance with snort and demarc/puresecure Michael Gargiullo (Jul 11)
- Re: Mysql Performance with snort and demarc/puresecure Greg Robinson (Jul 12)
- Re: Mysql Performance with snort and demarc/puresecure Michael Gargiullo (Jul 11)