Snort mailing list archives
Re: Snort/ACID Database Cleanup
From: Mark Rowlands <mark.rowlands () minmail net>
Date: Fri, 19 Apr 2002 13:20:40 +0200
-----Original Message-----
From: krista l merrill [mailto:kmerr001 () cs fiu edu]
Sent: Friday, April 12, 2002 3:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort/ACID Database Cleanup

Does anyone know of any MySQL-specific Snort/ACID database cleanup scripts? I'd like to delete alerts after a certain number of days.
well as a starting point
http://archives.neohapsis.com/archives/snort/2001-10/0329.html

but why not use the built in archive function?
http://www.andrew.cmu.edu/~rdanyliw/snort/acid_archive_instruct.html

On Saturday 13 April 2002 5:44 am, Ronneil Camara wrote:
You can use Perl, DBI, DBD. All you have to do is do a delete from tablename where date is like this. You must also execute flush privileges after that.

This is a good question btw. I've got a follow-up question now though I can answer it myself, I don't want to scrutinize ACID code.
So somebody else should on your behalf? ;-)
What are the tables that I need to clean, is it just events? What about data?
no, there are a number of related tables. see
http://www.andrew.cmu.edu/~rdanyliw/snort/acid_db_er_v102.html
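
An added example, not part of the original thread or the ACID distribution: one way to age out alerts across the related tables in MySQL. It assumes the stock Snort/ACID table names (event, iphdr, tcphdr, udphdr, icmphdr, opt, data, acid_event, acid_ag_alert), rows keyed on (sid, cid), and a constructed 30-day retention; check the names against the ER diagram linked above before running it.

```sql
-- Retention cleanup for a Snort/ACID MySQL database (added example).
-- Assumed: stock Snort/ACID schema, every per-alert row keyed on (sid, cid).
-- 30 days is a constructed retention value; adjust to local policy.
SET @cutoff = NOW() - INTERVAL 30 DAY;

-- Preview how many alerts would be removed before deleting anything.
SELECT COUNT(*) AS alerts_to_delete FROM event WHERE `timestamp` < @cutoff;

-- Child tables first. They carry no timestamp of their own, so each delete
-- joins back to event, which is why event itself is removed last.
-- If the run is interrupted, re-running it finishes the job without
-- leaving orphaned header or payload rows behind.
DELETE c FROM iphdr AS c
  JOIN event AS e ON e.sid = c.sid AND e.cid = c.cid
  WHERE e.`timestamp` < @cutoff;
DELETE c FROM tcphdr AS c
  JOIN event AS e ON e.sid = c.sid AND e.cid = c.cid
  WHERE e.`timestamp` < @cutoff;
DELETE c FROM udphdr AS c
  JOIN event AS e ON e.sid = c.sid AND e.cid = c.cid
  WHERE e.`timestamp` < @cutoff;
DELETE c FROM icmphdr AS c
  JOIN event AS e ON e.sid = c.sid AND e.cid = c.cid
  WHERE e.`timestamp` < @cutoff;
DELETE c FROM opt AS c
  JOIN event AS e ON e.sid = c.sid AND e.cid = c.cid
  WHERE e.`timestamp` < @cutoff;
DELETE c FROM data AS c
  JOIN event AS e ON e.sid = c.sid AND e.cid = c.cid
  WHERE e.`timestamp` < @cutoff;

-- ACID alert-group membership rows reference alerts as (ag_sid, ag_cid).
DELETE g FROM acid_ag_alert AS g
  JOIN event AS e ON e.sid = g.ag_sid AND e.cid = g.ag_cid
  WHERE e.`timestamp` < @cutoff;

-- ACID's alert cache has its own timestamp column.
DELETE FROM acid_event WHERE `timestamp` < @cutoff;

-- Parent rows last.
DELETE FROM event WHERE `timestamp` < @cutoff;
```

Back up or archive the database first if the aged-out alerts may still be needed for an investigation, since the deletes are not reversible.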