Tuning ACID

Under a heavy workload, ACID's ability to load pages in a timely manner can deteriorate. When the intrusion database grows very large, ACID has to run relatively complex queries over a vast amount of data. You can use two strategies to reduce the amount of processing ACID has to do and, in turn, decrease page load time. The most basic method is to reduce the amount of data ACID has to search through: you can move intrusion data to the archive database or delete it altogether. The other is to reduce the caching of certain types of data, which reduces the overhead each page incurs when loading.

Archiving Alerts

Ideally you want to archive alerts first and then later delete unwanted alerts ...
