Snort mailing list archives
Re: Question on database for Snort
From: Michael Anderson <mca () arlut utexas edu>
Date: Mon, 31 Mar 2003 15:45:58 -0600
Just curious, are you querying the standard snort database or are you loading the snort data into a specialized database? And by any chance are you going to make your tool available to the public or is it proprietary?
Thanks, Mike
I have never tested PostgreSQL, so I can't speak to that, but I *can* address one of your points above. We are presently querying a mysql database with 8 million alerts in it, using a web-based interface that we are designing, and we are getting response times of under 3 seconds. I think the response time of any front end to a database has a lot more to do with how the queries are constructed than a lot of people realize. For example, a similar query using ACID takes about 680 seconds on a database with 1.5 million alerts in it.