Snort mailing list archives
RE: Optimizing Snort, MySQL & BASE installation
From: "Willy, Andrew" <AWilly () eSMIL net>
Date: Thu, 6 Oct 2005 16:54:19 -0700
Maybe someone here can tell you how to disable domain lookup in BASE, I'm pretty sure it's possible though I don't remember how. Check your BASE config files, the line you need may be easy to find.

Andrew

-----Original Message-----
From: Affan Basalamah [mailto:affanzbasalamah () gmail com]
Sent: Monday, July 04, 2005 8:33 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Optimizing Snort, MySQL & BASE installation

Hi all,

Currently we deploy Snort, MySQL and BASE on one box (FreeBSD/amd64 5.4-RELEASE, 1 GB RAM, 40 GB hard drive, 2 bge0 gigabit eth) to listen on one SPAN port on my Catalyst 6500. The SPAN port is mirroring 4 100Mbps FastEth ports. Installation is working fine, thanks to the FreeBSD Ports Collection.

The problem with it is alert management. After running it for one day, the BASE console starts working slowly, takes a very long time to display the main console, and is unable to run queries on Most Recent 15 Unique Alert and Most Frequent 5 Unique Alert. Mostly we have 1 million alerts for 1 day of operation.

I have already minimized my signatures to detect only the most frequent alerts, such as worm/virus. The false positives have been commented out of my snort.conf and signature files.