Snort mailing list archives

RE: Snort runs really slow


From: "Harper, Patrick" <patrick.harper () phns com>
Date: Tue, 10 Aug 2004 07:14:12 -0500

Are you talking about ACID running slow?  It is just a PHP front end to
MySQL.  ACID gets slower the more alerts you have in the database.
Openaanval is faster in my opinion; you might give that a try.

As for the database size you have a few options.  Paul Schmehl has a log
rotating script that you can find at www.ntsug.org.  What you need to do
most likely is tune your IDS.  Tuning is the biggest job of running an
IDS.  If you have a bunch of irrelevant alerts then you are going to
spend too much time looking at data that does not matter.  Make sure you
have all your variables set right and go through the rule files.  That
will help the most.  

-----Original Message-----
From: Ali Nasir Hussain [mailto:alinasir () worldcall net pk] 
Sent: Tuesday, August 10, 2004 5:08 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort runs really slow

I have installed snort-2.1.3.
It's really slow.
When I installed it the main page was displayed after 2-3 seconds,
but after 10-15 minutes the main page displays after about 60-70+
seconds.
As time progresses it takes more and more time to load.

Also the database size increases very severely. Any remedy for that?
 
Ali

        ----- Original Message ----- 
        From: Ali Nasir Hussain <mailto:alinasir () worldcall net pk>  
        To: snort-users () lists sourceforge net 
        Sent: Tuesday, August 10, 2004 10:43 AM
        Subject: snort error
        
        
        I have installed snort but all the parameters are always ZERO.
        
        I have run the command
        snort -c /etc/snort/snort.conf
        and it gives me the following error.
        
        -------------------------------------------------------------
        ERROR: Fatal Error, Quitting..
        
        USAGE: database plugin
        
         output database: [log | alert], [type of database], [parameter list]
        
         [log | alert] selects whether the plugin will use the alert or
         log facility.
        
         For the first argument, you must supply the type of database.
         The possible values are mysql, postgresql, odbc, oracle and
         mssql
         The parameter list consists of key value pairs. The proper
         format is a list of key=value pairs each separated a space.
        
         The only parameter that is absolutely necessary is "dbname".
         All other parameters are optional but may be necessary
         depending on how you have configured your RDBMS.
        
         dbname - the name of the database you are connecting to
        
         host - the host the RDBMS is on
        
         port - the port number the RDBMS is listening on
        
         user - connect to the database as this user
        
         password - the password for given user
        
         sensor_name - specify your own name for this snort sensor. If you
                do not specify a name one will be generated automatically
        
         encoding - specify a data encoding type (hex, base64, or ascii)
        
         detail - specify a detail level (full or fast)
        
         ignore_bpf - specify if you want to ignore the BPF part for a sensor
                      definition (yes or no, no is default)
        
         FOR EXAMPLE:
         The configuration I am currently using is MySQL with the database
         name of "snort". The user "snortusr@localhost" has INSERT and SELECT
         privileges on the "snort" database and does not require a password.
         The following line enables snort to log to this database.
        
         output database: log, mysql, dbname=snort user=snortusr host=localhost
        
        -------------------------------------------------------------
        
        I am using the following in snort.conf
        output database:log, mysql, user=snort password=xyz dbname=snort host=localhost
        





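An added example, not part of the original messages and not Snort's own code: a small checker that tests `output database:` lines against the format and allowed values given in the usage text quoted above. The function names and the sample config are constructed for illustration; the second sample line is the directive posted in the thread.

```python
import re
# Allowed values, copied from the database plugin usage text quoted above.
FACILITIES = {"log", "alert"}
DB_TYPES = {"mysql", "postgresql", "odbc", "oracle", "mssql"}
ENUMS = {"encoding": {"hex", "base64", "ascii"},
         "detail": {"full", "fast"}, "ignore_bpf": {"yes", "no"}}
FREE_KEYS = {"dbname", "host", "port", "user", "password", "sensor_name"}
DIRECTIVE = re.compile(r"^\s*output\s+database\s*:\s*(.*)$")

# Constructed snort.conf fragment; line 2 is the directive posted in the thread.
SAMPLE_CONF = """\
# output database: log, mysql, dbname=old
output database:log, mysql, user=snort password=xyz dbname=snort host=localhost
output database: alert, mysql, user=snort host=localhost
output database: log, sqlite, dbname=snort encoding=utf8
"""

def check_line(line):
    """Return the problems found in one 'output database:' line ([] = OK)."""
    m = DIRECTIVE.match(line)
    if not m:
        return ["not an 'output database:' directive"]
    parts = [p.strip() for p in m.group(1).split(",", 2)]
    if len(parts) != 3:
        return ["expected: [log | alert], [type of database], [parameter list]"]
    facility, db_type, params = parts
    problems = []
    if facility not in FACILITIES:
        problems.append(f"facility {facility!r} is not log or alert")
    if db_type not in DB_TYPES:
        problems.append(f"database type {db_type!r} is not in the usage list")
    keys = set()
    for token in params.split():
        key, sep, value = token.partition("=")
        keys.add(key)
        if not sep or not value:
            problems.append(f"{token!r} is not a key=value pair")
        elif key not in FREE_KEYS and key not in ENUMS:
            problems.append(f"unknown parameter {key!r}")
        elif key in ENUMS and value not in ENUMS[key]:
            problems.append(f"{key}={value} is not one of {sorted(ENUMS[key])}")
    if "dbname" not in keys:
        problems.append("required parameter dbname is missing")
    return problems

def check_conf(text):
    """Map line number -> problems for each uncommented database output line."""
    return {n: check_line(raw) for n, raw in enumerate(text.splitlines(), 1)
            if DIRECTIVE.match(raw)}
```

Calling `check_conf(SAMPLE_CONF)` returns a dictionary keyed by line number; an empty list means the line matches the documented format.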