
RE: [Snort-users] Question on database for Snort

From: Kenneth G. Arnold <bkarnold(at)cbu.edu>
Date: Mon Mar 31 2003 - 17:41:35 EST

I am currently working on a web-based interface also. Our mysql database currently has about 630,000 alerts in it. The main page of my system displays the current day's activity of about 4000 alerts grouped by alert in descending order with a count for each alert in about 1 second. The data is extracted from the default snort tables with no additional indexes. A similar query in ACID takes 2 1/2 minutes once you have reached the main page.

One main difference between the two is that ACID must be looking at each individual alert because it displays the first and last occurrences for each alert type. This means that the application is doing a large portion of the work and the database is simply supplying it with information. I have my page generated from a single sql statement that returns only the information I need to the program. The database does most of the work and the application simply displays it.

Of course the beauty of an application that you have written yourself is that you can make it very efficient. I am writing mine for Solaris and mysql using C. It is unknown whether the finished application will even run on other configurations. ACID is designed to run on a lot more platforms using multiple databases and that slows it down.

Ken

At 03:32 PM 3/31/03 -0600, Paul Schmehl wrote:
>On Mon, 2003-03-31 at 13:35, Kreimendahl, Chad J wrote:

Brother Kenneth Arnold
System Administrator
Information Technology Services
Christian Brothers University
(901) 321-4333
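
The contrast the message draws between one aggregating SQL statement and an application that walks every alert, as an added example that is not part of the original post and not the author's code. It assumes Python's sqlite3 as a stand-in for MySQL, a reduced form of Snort's `event` and `signature` tables, constructed sample rows, and hypothetical function names.

```python
import sqlite3
from collections import Counter

# Reduced form of the Snort database schema; all rows below are constructed.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
"""
SIGS = [(1, "ICMP PING NMAP"), (2, "WEB-IIS cmd.exe access"), (3, "SCAN SYN FIN")]
EVENTS = [  # (sid, cid, signature, timestamp)
    (1, 1, 3, "2003-03-30 23:10:00"), (1, 2, 3, "2003-03-30 23:59:59"),
    (1, 3, 2, "2003-03-31 00:00:00"), (1, 4, 1, "2003-03-31 08:15:02"),
    (1, 5, 2, "2003-03-31 09:40:11"), (1, 6, 3, "2003-03-31 12:01:45"),
    (1, 7, 2, "2003-03-31 16:22:30"), (1, 8, 1, "2003-03-31 17:05:09"),
]

def build_db():
    """Create the in-memory stand-in database and load the sample alerts."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?)", SIGS)
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", EVENTS)
    return db

def summary_in_database(db, day_start, day_end):
    """One statement: the database groups, counts and sorts; one row per alert type."""
    rows = db.execute(
        """SELECT s.sig_name, COUNT(*) AS n
             FROM event e JOIN signature s ON s.sig_id = e.signature
            WHERE e.timestamp >= ? AND e.timestamp < ?
            GROUP BY s.sig_id, s.sig_name
            ORDER BY n DESC, s.sig_name""", (day_start, day_end)).fetchall()
    return rows, len(rows)  # (summary, rows transferred to the application)

def summary_in_application(db, day_start, day_end):
    """Fetch every alert of the day and do the counting and sorting in the application."""
    rows = db.execute(
        """SELECT s.sig_name FROM event e JOIN signature s ON s.sig_id = e.signature
            WHERE e.timestamp >= ? AND e.timestamp < ?""", (day_start, day_end)).fetchall()
    counts = Counter(name for (name,) in rows)
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ordered, len(rows)  # (summary, rows transferred to the application)

if __name__ == "__main__":
    db = build_db()
    day = ("2003-03-31 00:00:00", "2003-04-01 00:00:00")
    print(summary_in_database(db, *day))
    print(summary_in_application(db, *day))
```

Both functions produce the same summary; the difference is how many rows cross from the database to the application, which scales with alert types in the first case and with total alerts in the second.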



Received on Mon Mar 31 17:48:30 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:50:32 EDT
