RE: (no subject)

["Reeves, Michael (GEAE, Compaq)" <michael.reeves () ae ge com>]

I would drop the database and recreate it if you want to start "fresh" Only
takes a few minutes... Or even create a new instance and have your new
events logged there and point ACID there. Hope that helps.
 
Mike Reeves
Security Administrator
GE Aircraft

-----Original Message-----
From: Wells, Kenneth L [mailto:kw151002 () exchange DAYTONOH NCR com]
Sent: Monday, September 17, 2001 4:12 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] (no subject)


When I look at my default snort view screen I see TCP, UCP, ICMp, etc....
traffic.
 
how can I erase all of this and start clean?
 
I want to move my sensor to another subnet but want to clear out the old
data....
 
Kenny
 
I'm using acid v0.9.6b6 for windows 2000

-----Original Message-----
From: Wayne T Work [mailto:wwork () cybergnostic com] 
Sent: Monday, September 17, 2001 4:00 PM
To: Wells, Kenneth L; snort-users () lists sourceforge net
Subject: Re: [Snort-users] (no subject)


Yepper there is a way.
select a protocol to look at and then go to the bottom. the selection on the
left side will let you do several things. Archive is one as well as delete.
Choos which one and then go right to select only that page, all in query or
you can check the blocks on the ones you want to perform actions on. All
this is on the latest version of ACID

Good luck

At 03:40 PM 9/17/2001 -0400, Wells, Kenneth L wrote:



I'm currently using ACId for my snort Ids. Is there a way that I can archive
old data and start collecting new data? 

Kenny 

Wayne