After running several tests with PostgreSQL-7.1.3 versus some other
opensourced SQL servers, i was very pleased by its performance when it
comes to SELECTs on multiple large tables.
But there's a problem: if i use PostgreSQL as a SQL backend for Snort,
running Snort as a network sniffer and logging all relevant information
about IP packets into the database, i see a lot of packet drops.
Basically, once the traffic is higher that a certain limit, and once
PostgreSQL starts eating up 100% CPU time, it starts missing packets.
On the same hardware, sniffing the same traffic, using other SQL servers
as backends, the CPU usage is smaller and i don't see any packet drops
(but then i'm missing PostgreSQL capabilities).
Snort is using just one database, and has several tables in it; each
table has 5...10 columns, each column is an integer type. In this SQL
structure, Snort is doing a lot of INSERTs, very fast.
In these conditions, i need to make PostgreSQL as fast as it can be.
I already tried "fsync = false", but it's not enough. It looks like i
have to use every trick in the book to speed it up. Can you give me some
suggestions on something else i can try?
--
Florin Andrei
"Engineering does not require science." - Linus Torvalds