Snort mailing list archives
Re: Snort populates Mysql a lot
From: Dustin Webber <dustin.webber () gmail com>
Date: Thu, 23 Dec 2010 10:42:02 -0500
Jelo, You can also try another database engine / optimized configurations. Look at http://www.percona.com/ you should see noticeable improvement. - Dustin On Dec 23, 2010, at 10:26 AM, Joel Esler wrote:
Sounds like you need to turn some rules off. Evaluate the rules you have alerting and see if you need to have those on (if they affect your network), etc. Joel On Dec 23, 2010, at 10:04 AM, J. L. Cabral wrote:Dear, Snort 2.9 is working fine, but I have a problem: in 3 days I get more than 1.000.000 alerts visualizated in BASE, and so the access to this web interafce is very slowly. I had to delete all the data from the mysql tables and start Snort again. Can you give me any advice to get the alerts without affect the performance of the system ??? And how many alerts approximately can MySQL stores without crash ??? Thanks a lot JeLo ------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort populates Mysql a lot J. L. Cabral (Dec 23)
- Re: Snort populates Mysql a lot Joel Esler (Dec 23)
- Re: Snort populates Mysql a lot Dustin Webber (Dec 23)
- Re: Snort populates Mysql a lot evilghost () packetmail net (Dec 23)
- <Possible follow-ups>
- Re: Snort populates Mysql a lot Gregory Zill (Dec 23)
- Re: Snort populates Mysql a lot J. L. Cabral (Dec 23)
- Re: Snort populates Mysql a lot Matt Watchinski (Dec 23)
- Re: Snort populates Mysql a lot Joel Esler (Dec 23)
- Re: Snort populates Mysql a lot J. L. Cabral (Dec 30)
- Re: Snort populates Mysql a lot J. L. Cabral (Dec 23)
- Re: Snort populates Mysql a lot Joel Esler (Dec 23)