Home page logo

snort logo Snort mailing list archives

Best practices for very high volume install..
From: Wil Schultz <wschultz () bsdboy com>
Date: Mon, 20 Dec 2010 13:24:35 -0800

Hey there, have a very high traffic install (snort 2.9/barnyard2) that I'm trying to get into a good and usable 

At this point I've got a gig port that's saturated to the box so we're going to do a 2g port-channel here in a bit.

So far I've come to the conclusion that mysql binary logging isn't realistic, so it's been turned off.

Additionally I've got a script that runs at midnight to purge alerts that are greater than 2 days old.

I'm considering putting the database into RAM for a little more speed.

Does anyone else have some other best practice type suggestions for a very high traffic box?

Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]