RE: Problem with MYSQL/ACID And Large Database

["Pacheco, Michael F." <MPacheco () elcom com>]

As you mentioned, its hardware driven, I'm running my distributed setup on
converted desktops, I only have 2 real server platforms and I dedicated them
to the sensors themselves - so I got a good number of desktops from a
division closure and distribute the load across as many as possible.  If I
had a real server asset then you are correct, a larger db should not affect
the performance of ACID that much.

But if is a big word, if I only had the proper assets comes to mind.

My 2 cents...

Mike


-----Original Message-----
From: Paul Schmehl [mailto:pauls () utdallas edu] 
Sent: Monday, March 03, 2003 1:42 PM
To: Pacheco, Michael F.
Cc: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Problem with MYSQL/ACID And Large Database

On Mon, 2003-03-03 at 09:28, Pacheco, Michael F. wrote:
> Of course this is workstation related, if your carrying 30k plus
> alerts in your MySQL db instance then you really need to set up an
> archive instance off the primary db server - but that's a different
> story.
Seriously?  30k?  I keep about 300,000 events in the acid_events table
and performance is fine.  When it got over 1,000,000, *then* it was
unacceptably slow, but 300,000 is no problem at all.

I think this number depends on the hardware you're running on and how
well you've set things up.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users