Snort mailing list archives
Re: Snort, Mysql purging
From: "Josh Berry" <josh.berry () netschematics com>
Date: Wed, 10 Dec 2003 17:36:39 -0600 (CST)
I HIGHLY suggest NOT deleting the information. I suggest having a secondary archive db that you move stuff like Welchia to when you think you don't need it anymore. That way you can keep the data and free up resources on your primary DB. Then if you really need to delete the data you can on the archive. Acid provides a drop-down bar to allow you to delete any query you run, but if you really want to purge the DB then use a truncate table [table_name] command in MySQL.

New user....

I have installed snort, mysql and acid per the published instructions. Works great. I am by no means an expert at any of these though. What I have not found is a method to purge the database on a regular schedule. I had a minor welchia virus this week that drove the database size way up. Now acid is taking mins. to build pages. Can someone point me in the right direction?

Jack Snedecor
GiS VP, Network Operations Group

-----Original Message-----
From: Sp0oKeR Labs [mailto:spooker () spooker com br]
Sent: Wednesday, December 10, 2003 6:47 PM
To: Grammer, Christopher S; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Remote NIDS

At your snort.conf, in all sensors use:

output database: log, mysql, user=user_snort password=pass_snort dbname=db_snort host=ip_server_mysql_acid

You can create the snort database with create_mysql at contrib/ directory.

Best Regards,
Sp0oKeR

----- Original Message -----
From: Grammer, Christopher S <mailto:christopher.grammer () eds com>
To: snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>
Sent: Wednesday, December 10, 2003 7:03 PM
Subject: [Snort-users] Remote NIDS

I am looking for a method to have remote NIDS log alerts to a central SNORT/Acid box running MySQL and Redhat 9.0. Anyone have a link for docs on this or recommendations?

Chris

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry () linknet-solutions com
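
Added example, not part of the original message or of the Snort/ACID distribution: one way to do the "move to an archive db, then free the primary" step described in the reply above, so alert evidence is retained while ACID queries a smaller live database. The database names `snort` and `snort_archive`, the 30-day window, and the assumption that both databases carry the stock schema from contrib/create_mysql plus ACID's `acid_event` cache table are illustrative.

```sql
-- Assumed: live DB `snort`, archive DB `snort_archive`, identical schema.
-- Run on a quiet system or with sensors paused; MyISAM tables are not
-- transactional, so every copy step runs before any delete step.
SET @cutoff = NOW() - INTERVAL 30 DAY;   -- assumed retention window

-- 1. Lookup tables: archived events are unreadable without the signature
--    and sensor rows they point at. IGNORE skips rows already archived.
INSERT IGNORE INTO snort_archive.sensor    SELECT * FROM snort.sensor;
INSERT IGNORE INTO snort_archive.sig_class SELECT * FROM snort.sig_class;
INSERT IGNORE INTO snort_archive.signature SELECT * FROM snort.signature;

-- 2. Copy per-packet detail rows belonging to old events, then the events.
INSERT IGNORE INTO snort_archive.iphdr   SELECT t.* FROM snort.iphdr t
  JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.tcphdr  SELECT t.* FROM snort.tcphdr t
  JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.udphdr  SELECT t.* FROM snort.udphdr t
  JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.icmphdr SELECT t.* FROM snort.icmphdr t
  JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.opt     SELECT t.* FROM snort.opt t
  JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.data    SELECT t.* FROM snort.data t
  JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.event
  SELECT * FROM snort.event WHERE timestamp < @cutoff;

-- 3. Verify before deleting: both counts must match.
SELECT (SELECT COUNT(*) FROM snort.event         WHERE timestamp < @cutoff) AS live_rows,
       (SELECT COUNT(*) FROM snort_archive.event WHERE timestamp < @cutoff) AS archived_rows;

-- 4. Delete detail rows first (they are located via event), then the
--    ACID cache rows, then the events themselves.
DELETE t FROM snort.iphdr t   JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
DELETE t FROM snort.tcphdr t  JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
DELETE t FROM snort.udphdr t  JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
DELETE t FROM snort.icmphdr t JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
DELETE t FROM snort.opt t     JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
DELETE t FROM snort.data t    JOIN snort.event e ON e.sid = t.sid AND e.cid = t.cid WHERE e.timestamp < @cutoff;
DELETE FROM snort.acid_event WHERE timestamp < @cutoff;  -- ACID cache (assumed present)
DELETE FROM snort.event      WHERE timestamp < @cutoff;
```

Stop after step 3 if the two counts differ; nothing has been removed from the live database at that point.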