Intrusion Detection with Snort by Jack Koziol

Tuning ACID

Under a heavy working load, ACID's ability to load pages in a timely manner can deteriorate. When the intrusion database grows large, ACID has to run relatively complex queries across a vast amount of data. You can use two strategies to reduce the amount of processing ACID has to do, and in turn decrease page load time. The most basic method is to reduce the amount of data ACID has to search through: you can move intrusion data to the archive database or delete it altogether. The other possibility is to reduce the caching of certain types of data, which reduces the overhead each page incurs when it loads.

Archiving Alerts

Ideally you want to archive alerts first and then later delete unwanted alerts ...