Tuning ACID
Under a heavy workload, ACID's ability to load pages in a timely manner can deteriorate. When the intrusion database becomes significantly large, ACID has to run relatively complex queries against a vast amount of data. You can use two strategies to reduce the amount of processing ACID has to do, and in turn decrease page load time. The most basic method is to reduce the amount of data ACID has to search through: you can move intrusion data to the archive database or delete it altogether. The other possibility is to reduce the caching of certain types of data, which reduces the overhead each page incurs when it loads.
Archiving Alerts
Ideally you want to archive alerts first and then later delete unwanted alerts ...