
Re: [Snort-users] Snort-DNS lookup question

Posted by Josh Berry, 08-18-2004:

This is ACID doing the DNS lookup, not snort. You can fix this by
editing the acid_conf.php file and changing to this value:

resolve_IP = 0;

Other tweaks:

1) show_summary_stats = 0; # This will disable showing stats at the top
2) event_cache_auto_update = 0; # Huge performance boost but you will
have to manually update your cache
3) main_page_detail = 0; # Has to do with summary stats
4) show_previous_alert = 0; # Will only show first/last alert

Also, if you regularly delete data from ACID you should optimize your
database. When I used ACID I used to have this run from cron once a
week:

# Optimize every table in the Snort database ("tail -n +2" skips the header row)
for table in `echo show tables | mysql <name_of_snort_db> | tail -n +2`
do
    echo optimize table $table | mysql <name_of_snort_db>
done

This requires the root user to have access to the db without a password
from localhost. If the root user does not have this access you can
specify one that does with -u <user_name> after the dbname. Or if you
need a password you can do a -u <user_name> --password=<password>.


On Wed, 2004-08-18 at 08:52, Clayton Mascarenhas wrote:
> Hi
>
> When I run Acid.. it takes a lot of time to show up..
> I'm guessing it's because of the excessive number of
> alerts I am receiving. In order for me to improve the
> speed ... in a little way... is there any way in
> snort where I can remove its capability of trying to
> look up the DNS to try to resolve the ip addresses it
> catches in the alert files. My thinking is that by
> stopping this function in snort... Acid won't have that
> "FQDN" column that always shows me Unable to resolve
> address... thus improving the speed. Please could
> someone correct me if I am wrong... or let me know how
> to remove the DNS lookup in snort.
>
> Thanks
>
> Clayton
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users
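
A variant of the weekly optimize job from the reply above, added here as an example and not part of the original post: it reads credentials from a client option file (a `[client]` section with `user=` and `password=`) so no password appears in the crontab or the process list, and it quotes table names. The option file path, the database name and the `MYSQL` override variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: the credentials
# file path, the database name, and the MYSQL override (lets a stub be used).
MYSQL=${MYSQL:-mysql}

# Refuse a credentials file that group or other can access.
check_cnf() {
    [ -f "$1" ] || { echo "missing credentials file: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)      # group+other permission bits
    [ "$perms" = "------" ] || { echo "$1: chmod 600 required" >&2; return 1; }
}

# optimize_db <cnf> <db>: run OPTIMIZE TABLE on every table in <db>.
optimize_db() {
    cnf=$1; db=$2; rc=0
    check_cnf "$cnf" || return 1
    # --defaults-extra-file must be the first option. -N drops the column
    # header (replacing the tail call), -B prints one table name per line.
    tables=$("$MYSQL" --defaults-extra-file="$cnf" -N -B -e 'SHOW TABLES' "$db") || return 1
    while IFS= read -r t; do
        [ -n "$t" ] || continue
        case $t in
            *[!A-Za-z0-9_]*) echo "skipping unexpected name: $t" >&2; continue ;;
        esac
        if "$MYSQL" --defaults-extra-file="$cnf" -N -B \
               -e "OPTIMIZE TABLE \`$t\`" "$db" </dev/null >/dev/null; then
            echo "optimized $t"
        else
            echo "failed: $t" >&2; rc=1
        fi
    done <<EOF
$tables
EOF
    return $rc
}

# Weekly crontab entry (script and file paths are hypothetical):
#   0 3 * * 0  /usr/local/sbin/optimize-acid.sh /root/.acid-optimize.cnf snort
if [ "$#" -eq 2 ]; then
    optimize_db "$1" "$2"
fi
```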


