Snort mailing list archives

Re: Snort, Mysql purging


From: Mark Fagan <r00t () online ie>
Date: Thu, 11 Dec 2003 09:56:48 +0000

Hi Jack,

I have the same problem with many sensors on customers' sites, and instead of 
asking the customer to change the PHP timeout and wait for hours while ACID 
deletes the alerts, I ask them to use MySQL Control Center, which is a Win32 
MySQL client; it deletes the alerts in seconds.

Hope this helps ....

Mark


Quoting Jack Snedecor <jsnedecor () geninfo com>:

New user....

 

I have installed snort, mysql and acid per the published instructions.
Works great.

I am by no means an expert at any of these though.

What I have not found is a method to purge the database on a regular
schedule.

I had a minor Welchia virus this week that drove the database size way up.
Now ACID is taking mins. to build pages.  Can someone point me in the right
direction?

 

Jack Snedecor

GiS

VP, Network Operations Group

-----Original Message-----
From: Sp0oKeR Labs [mailto:spooker () spooker com br] 
Sent: Wednesday, December 10, 2003 6:47 PM
To: Grammer, Christopher S; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Remote NIDS

 

In your snort.conf, on all sensors, use:

output database: log, mysql, user=user_snort password=pass_snort dbname=db_snort host=ip_server_mysql_acid

You can create the snort database with create_mysql in the contrib/ directory.

Best Regards,

 

Sp0oKeR

----- Original Message ----- 

From: Grammer, Christopher S <mailto:christopher.grammer () eds com>

To: snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>

Sent: Wednesday, December 10, 2003 7:03 PM

Subject: [Snort-users] Remote NIDS

 

I am looking for a method to have remote NIDS log alerts to a central
SNORT/Acid box running MySQL and Redhat 9.0.

Anyone have a link for docs on this or recommendations?

 

Chris



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





