Snort mailing list archives

Re: ACID/MySql DB performance

From: Erick Mechler <emechler () techometer net>
Date: Fri, 14 Feb 2003 10:10:09 -0800

:: I am holding 5 Million events in my database and it runs very
:: well. Here is my configuration.

[...snip...]

:: Database Hardware:
:: Fujitsu M400 (quad 600 MHZ CPU's with 6GB of RAM).
:: Sun Gigabit Ethernet adaptor.
:: 2 LP8000 Fiber Channel adaptors using EMC PowerPath.
:: 125 GB of EMC Symmetrix Storage.

And I have 100k alerts in my DB which is a dual 400MHz CPU system with .5GB
RAM (but I haven't hit the break point yet).  So, as with every answer that
has to do with performance: it depends.  If you're monitoring your home DSL
line and you're going to get maybe 15 alerts a day, a Pentium system is
sure to handle it.  If you have an enterprise setup with millions of alerts
per day, you're going to need a huge system to handle the DB, and some
programming effort to come up with a proper way to rotate your alerts out
to archive DBs, etc.

Cheers - Erick


-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ACID/MySql DB performance McPheeters, Scott (Feb 14)
- Re: ACID/MySql DB performance Anton A. Chuvakin (Feb 21)
- <Possible follow-ups>
- RE: ACID/MySql DB performance larosa, vjay (Feb 14)
  - Re: ACID/MySql DB performance Erick Mechler (Feb 14)
- RE: ACID/MySql DB performance McPheeters, Scott (Feb 21)
  - Re: ACID/MySql DB performance Erick Mechler (Feb 21)