Kevin,

Your e-mail is interesting... Could you give me the details on the acid & postgres/mysql configuration? How did you take the output from acid and put it into the database? Do you have any code you can send me? The difference in the database selects is amazing! Do you have any output from the query analysis tools in postgres and mysql?

Thanks for your help!

Lynn Tilby
lynn@createv.com

"Kevin Brown" wrote:

>> I would like to set up a firewall and network monitoring system using snort,
>> acid, and postgres as a database. Has anyone had experience using snort and
>> acid?
>
>Yes. I had ACID working with both MySQL and PostgreSQL for snort. I was
>monitoring 200Mb/s of bandwidth with the poor little box and was recording a few
>million records a week of bad traffic. Needless to say the databases fared
>pretty badly when it came time to go through what had been collected.
>PostgreSQL did better on the handling of data getting added, but MySQL was able
>to do the selects orders of magnitude faster (e.g. 60 second read for MySQL,
>3600 second read for PostgreSQL).
>
>Just for fits and giggles, I turned off all the rules and then just enabled the
>telnet and FTP logger rules. Saw about 30,000 unique user ids/passwords going
>each way in just a few hours. I deleted the data and reinstituted the normal
>ruleset, but that was an interesting test of just how easy it is to get that
>kind of information when the logins are insecure like that.
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss