AW: BASE performance

["Lieker Heinrich" <hlieker () dohle com>]

Hello!

I have a similar problem. 
I'm using BASE with a postgresql server. When I refresh the start page, BASE needs lots of seconds to load. I have many 
alarms added to the database per minute. 
Do you have any ideas, what I should check oder optimize?

Thank you!

Regards,
Heinrich




-----Ursprüngliche Nachricht-----
Von: Willy, Andrew [mailto:AWilly () eSMIL net] 
Gesendet: Dienstag, 22. Februar 2005 15:53
An: snort-users () lists sourceforge net
Cc: 'Joel Esler'; 'Kevin Johnson'; 'Michael Stone'; 'Michael Steele'
Betreff: RE: [Snort-users] BASE performance


Gentlemen,

Thank you for your replies.  It turns out my IDS config is to blame, and address resolution 
(unableto+waitingfortimeout) was leading to the delay/lag.  

For the record, if for some reason you'd like to turn address resolution off, Kevin Johnson advises: "In your 
base_conf.php file I would recommend changing $resolve_IP to equal 0 and try again."

Regards,

Andrew


-----Original Message-----
From: Michael Steele [mailto:michaels () winsnort com]
Sent: Monday, February 21, 2005 7:19 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] BASE performance


Can you tell us what optimizing the MySQL database might be, and the procedure?

I do understand that when the alerts are deleted, at least with ACID there are some remains of the alerts left behind. 
Can these be cleaned, and if so, how?

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users- 
> admin () lists sourceforge net] On Behalf Of Michael Stone
> Sent: Monday, February 21, 2005 4:05 PM
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] BASE performance
>
> On Mon, Feb 21, 2005 at 11:55:28AM -0700, Willy, Andrew wrote:
> > We're using BASE / Apache / Snort / MySQL on Win 2k, just recently 
> > installed.  Many lookups using this front end are very slow, 
> > sometimes taking 30-50 seconds to load. Our database is new and not 
> > very large. Processor (1ghz) utilization is between %0 and %3.  The 
> > inital home pages loads quickly, it's only lookups that crawl.
>
> On the front page, how many total alerts does it report? For databases 
> processor is largely irrelevant--how much RAM do you have? Have you 
> done any mysql tuning?
>
> Mike Stone
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real 
> users. Discover which products truly live up to the hype. Start 
> reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: 
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: 
> http://www.geocrawler.com/redir-sf.php3?list=snort-users







-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the 
hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged 
and may contain confidential health information. This email is intended to be reviewed only by the individual or 
organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an 
affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to support () esmil com 
- and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this 
email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential 
health information is protected by state and federal law, including, but not limited to, the Health Insurance 
Portability and Accountability Act of 1996 and related regulations.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the 
hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users