Title: Message
JaimeO,
 
My client did not want to wait for SP2.0, so we started deployment of SP1.2 and had about 40 network sensors and 20 server sensors reporting (all distributed across the U.S./territories) when we experienced some major SQL database issues.  As the database grew, the SP1.2 Console polling/pulls slowed dramatically and I resorted many times to killing the console via task manager.  It eventually became almost useless.
 
At the time the Enterprise Database/SQL Server was a dual Pentium 3/800Mhz with 2Gb of memory.  The database 'crash' we experienced seemed unrelated to ISS, but had to do with the disk array receiving data, but not confirming it with the SQL Server application, because of the large volume of IDS data that we were receiving.
 
SP 2.0 was available by this time, and we determined that a fresh installation on the back-end components and a new system for the database server would be required.  The DB Server now is a dual Pentium IV 3Ghz, with 4 Gb memory, and a 300Gb hardware supported disk array.  I had to copy new encryption keys to the sensors that were deployed, but this solution seemed better than trying to rebuild the SP1.2 as our eventual end-deployment sensor total is 250+ network sensors and 100+ server sensors.  Currently our DB size grows between 5 to 10Gb per day, but the SP 2.0 Console response time is not bad and does not seem to experience as many problems.  An ISS engineer had told me that the indexing in SP2.0 is better; I'm not a DBA, but it appears to be much better.
 
Hope that gives you some insight.
 
Bob
 
 
 

Robert J. Craig, CISM, CISSP, SSCP
Senior Security Engineer

NETSEC
13525 Dulles Technology Drive
Herndon, VA  20171
(703) 561-0420
(703) 832-4505 fax
[EMAIL PROTECTED]
http://www.netsec.net

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 09, 2003 7:43 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Siteprotector and Java..so slooooow

Still running RS-SP 1.2 but soon moving to SP 2.0, and I have a question though which falls under the developing/performance category of this application. Basically my question is ISS plans to develop Siteprotector as a Java application. I'm not much into app developing, but from my experience similar applications running large amounts of logs and which are not developed in Java but as standalone ones run way too much faster than those on Java. Whenever I try to filter, switch from one sensor to another or whatever task available in SiteProtector Console, it takes so long that I find myself invoking task manager to kill the Siteprotector task.
 
Anyone experiencing the same? Sloooow application response? I have some expectations about a better performance on SP2. Haven't tried SP 2.0 still though.
 
10x
 
JaimeO.
 
 
 
