Snort mailing list archives
RE: Problem with MYSQL/ACID And Large Database
From: "Maynard, Jeff S." <Jeff.Maynard () banctec com>
Date: Mon, 3 Mar 2003 09:31:55 -0600
I am currently running around 100,000 events in the acid_event file. Are there some notes on how to set up archiving?

-----Original Message-----
From: Pacheco, Michael F. [mailto:MPacheco () elcom com]
Sent: Monday, March 03, 2003 9:29 AM
To: 'Maynard, Jeff S.'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Problem with MYSQL/ACID And Large Database

Had the same problem, it's DNS related, I fixed it 2 ways. Got rid of IE and went to Netscape (Mozilla on RH 8.0 works well also) or if you need IE for some reason, put a hosts file entry on your workstation pointing at the Acid site. I did the hosts entry first and performance over IE picked up dramatically, installed Netscape 7.0 on the workstation and ACID performance was much better - IE is still liveable, but Netscape just seems to handle php code better.

Of course this is workstation related, if you're carrying 30k plus alerts in your MySQL db instance then you really need to set up an archive instance off the primary db server - but that's a different story.

Hope that helps,
Mike

Michael F. Pacheco CCNA, MCSE
Network Analyst
Elcom International
10 Oceana Way
Norwood, Ma. 02062
Direct 781-501-4258
Fax 781-762-1540
mpacheco () elcom com

-----Original Message-----
From: Maynard, Jeff S. [mailto:Jeff.Maynard () banctec com]
Sent: Monday, March 03, 2003 9:53 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Problem with MYSQL/ACID And Large Database

I am having a problem with the ACID running against the MYSQL database. This is a new installation of Snort and I am still working on tuning the false positives so there is a tremendous amount of data in the database. The problem that I am running into is that I cannot get the ACID console to load in any reasonable timeframe which results in a timeout of the browser. I have increased my PHP timeout settings which helps for a day or so but again the database grows and it starts to time out again.

I end up having to go into the acid_events database and manually delete records which I would prefer not to do until I have had a chance to review them in correlation to the rest of the data. Has anyone else had this problem and if so how did you correct it?