Thanks Jason, I noticed a bit after I posted, when I did a netstat on that machine, that it had a lot of sockets open to our DNS server, and that was when I started to suspect the DNS issue you pointed out here. It ended up taking 231 minutes, 1 second to run through that log file.

I decided to go ahead and post the results on my website: http://www.billclark.net
If you are interested in the Honeynet Scan loganalysis challenge then you may want to take a look. It's a good starting point to start working with the data.

Bill W. Clark
Sr. Security Engineer, Data Security
bill.clarkATumbDOTcom
UMB Bank | http://www.umb.com
PGP ID: 0x7E1F8D94

On Thu, 2004-03-04 at 10:19, Clark, Bill W. wrote:
> Anybody have any recommendations on how to speed up fwanalog or
> analog? ... the CPU is hardly even working and memory isn't taxed.
> Just looking for rules of thumb as to how long fwanalog/analog take to
> run generally and if there are any steps that improve the timeline.

DNS, DNS, DNS. Check you haven't enabled DNS resolution. If you are going through a multitude of IP addresses - trying to resolve them - it *will* add hours to the processing.

Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
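Jason's point above, as an added example that is not code from the thread or from fwanalog/analog: it pulls source addresses out of constructed firewall log lines, estimates how many lookups a per-line resolver would issue versus one per unique address, and resolves through a cache with a pluggable resolver so the cost scales with unique addresses rather than log lines. The log format, the per-lookup timing and the `resolver` callable are assumptions.

```python
"""Added example (not from the thread): why DNS resolution dominates a log run,
and how resolving each unique address once keeps it bounded."""
import re

# Constructed sample firewall log lines (iptables-style); not from the thread.
SAMPLE_LOG = """\
Mar  4 10:19:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=80
Mar  4 10:19:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=443
Mar  4 10:19:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP DPT=53
Mar  4 10:19:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.9 PROTO=TCP DPT=22
Mar  4 10:19:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=80
"""
SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def source_ips(log_text):
    """Return the SRC address of every log line that carries one, in line order."""
    return [m.group(1) for m in map(SRC_RE.search, log_text.splitlines()) if m]


def estimate_dns_seconds(addresses, per_lookup_seconds, dedupe):
    """Seconds spent resolving: one lookup per line (naive) or one per unique address.
    per_lookup_seconds is an assumed average (timeouts on unresolvable ranges push it up)."""
    lookups = len(set(addresses)) if dedupe else len(addresses)
    return lookups * per_lookup_seconds


def resolve_with_cache(addresses, resolver, cache=None):
    """Resolve each address at most once.  `resolver` is any callable ip -> name
    (e.g. socket.gethostbyaddr wrapped to return a string); failures are cached as
    None so a dead or slow range is only waited on once.
    Returns (mapping, number_of_resolver_calls)."""
    cache = {} if cache is None else cache
    calls = 0
    for ip in addresses:
        if ip not in cache:
            calls += 1
            try:
                cache[ip] = resolver(ip)
            except OSError:  # socket.herror / socket.gaierror (timeout, NXDOMAIN, ...)
                cache[ip] = None
    return cache, calls


if __name__ == "__main__":
    ips = source_ips(SAMPLE_LOG)
    print("lines:", len(ips), "unique:", len(set(ips)))
    print("naive seconds:", estimate_dns_seconds(ips, 2.0, dedupe=False))
    print("deduped seconds:", estimate_dns_seconds(ips, 2.0, dedupe=True))
    mapping, n = resolve_with_cache(ips, lambda ip: "host-" + ip)  # stand-in resolver
    print("resolver calls:", n, mapping)
```

Turning resolution off in the analyser configuration is the cheap fix; if names are genuinely needed, resolve the deduplicated address set once, offline, and join the results back in.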
This archive was generated by hypermail 2b30 : Wed Mar 03 2004 - 15:20:05 PST