snort correlation stops working with huge numbers of snort logs

[vzarubin]

When srvlog tries to correlate ossec message on the snort log it tries to find all relevant logs by snort alert identifier for the closest time window. When it has a lot of ossec messages during the small period of time it tries to copy the same snort messages from unprocessed_snort_logs to snort_logs messages several times. It is proposed to omit correlation between ossec and snort_logs messages, instead of it just consolidate snort alerts with payloads in the snort_logs table directly. When it is required to show snort_logs associated with ossec alert, just open the screen with snort logs with the corresponding filters: snort identifier, time from, time to.