Re: [Snort-users] Database performance question (MySQL or
This is a discussion on Re: [Snort-users] Database performance question (MySQL or within the Snort forums, part of the System Security and Security Related category; We have 300,000-500,000 alerts in the ACID database at any one time, but we have quite a ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-26-2003
|
|||
|
|||
Re: [Snort-users] Database performance question (MySQL or
We have 300,000-500,000 alerts in the ACID database at any one time, but
we have quite a bit more hardware. (4x1G Sparc procressors & 4G RAM). Default ACID home page loads < 10 seconds. We added 5-6 more queries to the home page & now it loads in 12 sec or so. MySQL tuning makes big difference. We were at 5-10 minutes to load the home page before we: 1) Followed MySQL's tuning documentation. 2) Started archiving old events (we had 2 million events in ACID). 3) Started runnining 'optimize table' regularily. --Dave >>> Jyri Hovila <jyri.hovila@iki.fi> 9/26/2003 2:24:14 AM >>> Howdy! Please let's not let this turn this into SQL wars. =) I'm sure this issue has been discussed several times before but I'm unable to find anything about it in the snort-users archives. I'm currently running several Snort sensors with a central MySQL database. Recently the database speed has become a problem. When the number of alerts is starting to reach 100 000, ACID is starting to get slow. Add another 100 000 alerts and ACID is almost unusable. My database server is not doing anything else but running MySQL and ACID. Here are the specs: - Pentium II 450 MHz (normally almost totally idle, jumps to 80% when making SQL queries) - 384 RAM (about 50% used, jumps to 60-70% when making queries) - 7200 RPM IDE HD (yes, I know...) As CPU and RAM utilization is almost never higher than 80% and still the queries take awfully long to finish, could the HD be a problem? I remember seeing discussions about differences between MySQL and PostgreSQL performance. If I remember correctly, PostgreSQL was believed to be somewhat faster. Could anybody with some real life experience on this issue share hers/his knowledge? Thanks! - Jyri ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 07:59 AM.
