After running several tests with PostgreSQL-7.1.3 versus some other opensourced SQL servers, i was very pleased by its performance when it comes to SELECTs on multiple large tables. But there's a problem: if i use PostgreSQL as a SQL backend for Snort, running Snort as a network sniffer and logging all relevant information about IP packets into the database, i see a lot of packet drops. Basically, once the traffic is higher that a certain limit, and once PostgreSQL starts eating up 100% CPU time, it starts missing packets. On the same hardware, sniffing the same traffic, using other SQL servers as backends, the CPU usage is smaller and i don't see any packet drops (but then i'm missing PostgreSQL capabilities).
Snort is using just one database, and has several tables in it; each table has 5...10 columns, each column is an integer type. In this SQL structure, Snort is doing a lot of INSERTs, very fast. In these conditions, i need to make PostgreSQL as fast as it can be. I already tried "fsync = false", but it's not enough. It looks like i have to use every trick in the book to speed it up. Can you give me some suggestions on something else i can try? -- Florin Andrei "Engineering does not require science." - Linus Torvalds ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
