Snort mailing list archives

For those of you


From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Tue, 27 Jul 2004 10:48:46 -0400

Someone emailed me today offline in response to the mysql I had, well,
instead of messing with it I wrote a php script (yes) that cleans out
whatever database you have whenever you want it to do it.  (by changing
the interval).

It's not rocket science, but I figure I'll put it out there for people
that don't want to reinvent the wheel.  Run it once a day through your
crontab.

-------------begin cut----------------
#!/bin/php -q
<?php
// Define MySQL connection settings
define('HOST', 'localhost');
define('USER', 'user');
define('PASS', 'password');
define('DB', 'dbname');

// mysqli is used here because the mysql_* functions were removed in PHP 7
$link = mysqli_connect(HOST, USER, PASS)
or die("Couldn't connect to database");
mysqli_select_db($link, DB)
or die("Couldn't select database");

// These delete queries purge all events that are older than 30 days
$delete = mysqli_query($link, "DELETE FROM event WHERE timestamp <
CURRENT_DATE() - INTERVAL 30 DAY")
or die(mysqli_error($link));
$delete = mysqli_query($link, "DELETE FROM acid_event WHERE timestamp <
CURRENT_DATE() - INTERVAL 30 DAY")
or die(mysqli_error($link));
?>
----------end cut-----------------

Okay, well how about all those tcpdump binaries I have that I want to
keep but don't want taking up a bunch of space?
This is REALLY not rocket science...

-----------begin cut-------------

#!/bin/sh

find /path/to/your/snort/logs/* -mtime 1 -exec gzip {} \;

#If you want them to just be deleted after one year too...

find /path/to/your/snort/logs/* -mtime 365 -exec rm -rf {} \;

--------------end cut--------------

Execute that script once an hour.  Like I said, it's not brain surgery,
just thought these commands could be useful to everyone besides the guy
that emailed me.

J
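
Added example, not part of the original post: the same log clean-up written as one shell function. It uses `find -mtime +N` (age in whole days greater than N, so files missed by a skipped cron run are caught on the next one), touches regular files only, and skips files that are already gzipped. The function name `rotate_snort_logs` and its arguments are assumptions.

```shell
#!/bin/sh
# Added example: retention for Snort tcpdump logs.
# rotate_snort_logs and its arguments are hypothetical names.

# rotate_snort_logs DIR COMPRESS_DAYS DELETE_DAYS
#   Deletes regular files whose age in whole days is greater than DELETE_DAYS,
#   then gzips the remaining regular files whose age in whole days is greater
#   than COMPRESS_DAYS. "-mtime +0" therefore means "at least 24 hours old".
rotate_snort_logs() {
    dir=$1
    compress_days=$2
    delete_days=$3

    # Refuse to run against an empty, missing or root path.
    if [ -z "$dir" ] || [ ! -d "$dir" ] || [ "$dir" = "/" ]; then
        return 1
    fi

    # Delete first so nothing is compressed only to be removed.
    # -type f keeps rm away from directories; rm -f (not -rf) is enough.
    find "$dir" -type f -mtime +"$delete_days" -exec rm -f {} +

    # gzip keeps the original mtime on the .gz file, so exclude *.gz to
    # stop later runs from matching files that are already compressed.
    find "$dir" -type f ! -name '*.gz' -mtime +"$compress_days" \
        -exec gzip {} +
}

# Run directly from cron as: script /path/to/your/snort/logs 0 365
if [ "$#" -eq 3 ]; then
    rotate_snort_logs "$@"
fi
```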

