Home page logo
/

snort logo Snort mailing list archives

Best practices for very high volume install..
From: Wil Schultz <wschultz () bsdboy com>
Date: Mon, 20 Dec 2010 13:24:35 -0800

Hey there, have a very high traffic install (snort 2.9/barnyard2) that I'm trying to get into a good and usable 
position. 

At this point I've got a gig port that's saturated to the box so we're going to do a 2g port-channel here in a bit.

So far I've come to the conclusion that mysql binary logging isn't realistic, so it's been turned off.

Additionally I've got a script that runs at midnight to purge alerts that are greater than 2 days old.

I'm considering putting the database into RAM for a little more speed.

Does anyone else have some other best practice type suggestions for a very high traffic box?

-wil
------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]