Snort mailing list archives

Re: Snort populates Mysql a lot

From: Joel Esler <jesler () sourcefire com>
Date: Thu, 23 Dec 2010 10:26:12 -0500

Sounds like you need to turn some rules off.  Evaluate the rules you have alerting and see if you need to have those on 
(if they affect your network), etc.

Joel

On Dec 23, 2010, at 10:04 AM, J. L. Cabral wrote:

Dear, Snort 2.9 is working fine, but I have a problem: in 3 days I get more than 1.000.000 alerts visualizated in 
BASE, and so the access to this web interafce is very slowly.

I had to delete all the data from the mysql tables and start Snort again.

Can you give me any advice to get the alerts without affect the performance of the system ???

And how many alerts approximately can MySQL stores without crash ???

Thanks a lot

JeLo
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort populates Mysql a lot J. L. Cabral (Dec 23)
- Re: Snort populates Mysql a lot Joel Esler (Dec 23)
  - Re: Snort populates Mysql a lot Dustin Webber (Dec 23)
  - Re: Snort populates Mysql a lot evilghost () packetmail net (Dec 23)
- <Possible follow-ups>
- Re: Snort populates Mysql a lot Gregory Zill (Dec 23)
  - Re: Snort populates Mysql a lot J. L. Cabral (Dec 23)
    - Re: Snort populates Mysql a lot Matt Watchinski (Dec 23)
    - Re: Snort populates Mysql a lot Joel Esler (Dec 23)
    - Re: Snort populates Mysql a lot J. L. Cabral (Dec 30)