Re: Problem with MYSQL/ACID And Large Database

["Kenneth G. Arnold" <bkarnold () cbu edu>]

Yes I have the same problems also.  I didn't turn on mysql output until the 
rules were tuned pretty well using SnortSnarf and the alert file.  I delete 
all the entries generated by the events every so often to bring the 
database down to a manageable size.  Someone else posted this reference 
recently.  It refers to optimizing the tables and creating indexes.  I 
think the newest version of ACID already creates the indexes so I would 
suggest that you try optimizing the tables to see if that helps.

http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html#faq_b10

Ken

At 08:52 AM 3/3/03 -0600, Maynard, Jeff S. wrote:
> I am having a problem with the ACID running against the MYSQL 
> database.  This is a new installation of Snort and I am still working on 
> tuning the false positives so there is a tremendous amount of data in the 
> database.  The problem that I am running into is that I cannot get the 
> ACID console to load in any reasonable timeframe which results in a 
> timeout of the browser.  I have increased my PHP timeout settings which 
> helps for a day or so but again the database grows and it starts to time 
> out again.  I end up having to go into the acid_events database and 
> manually delete records which I would prefer not to do until I have had a 
> chance to review them in coorelation to the rest of the data.  Has anyone 
> else had this problem and if so how did you correct it?



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users