Snort mailing list archives
For those of you
From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Tue, 27 Jul 2004 10:48:46 -0400
Someone emailed me today offline in response to the mysql I had, well, instead of messing with it I wrote a php script (yes) that cleans out whatever database you have whenever you want it to do it. (by changing the interval). It's not rocket science, but I figure I'll put it out there for people that don't want to reinvent the wheel. Run it once a day through your crontab.

-------------begin cut----------------
#!/bin/php -q
<?php
//define mysql connection settings
define('HOST', 'localhost');
define('USER', 'user');
define('PASS', 'password');
define('DB', 'dbname');

mysql_connect(HOST, USER, PASS) or die("Couldnt connect to database");
mysql_select_db(DB) or die("Couldnt select database");

//This delete query will purge all logs that are older than 30 days
$delete = mysql_query("DELETE FROM event WHERE timestamp < CURRENT_DATE() - INTERVAL 30 DAY") or die(mysql_error());
$delete = mysql_query("DELETE FROM acid_event WHERE timestamp < CURRENT_DATE() - INTERVAL 30 DAY;") or die(mysql_error());
?>
----------end cut-----------------

Okay, well how about all those tcpdump binaries I have that I want to keep but don't want taking up a bunch of space? This is REALLY not rocket science...

-----------begin cut-------------
#!/bin/sh
find /path/to/your/snort/logs/* -mtime 1 -exec gzip {} \;
#If you want them to just be deleted after one year too...
find /path/to/your/snort/logs/* -mtime 365 -exec rm -rf {} \;
--------------end cut--------------

Execute that script once an hour.

Like I said, it's not brain surgery, just thought these commands could be useful to everyone besides the guy that emailed me.

J
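
A more defensive version of the log retention script in the message above, as an added example that is not part of the original post. The function name `prune_snort_logs`, its argument order and its defaults are assumptions; it uses `-mtime +N` rather than `-mtime N` so files are still picked up after a missed cron run, and it only ever touches regular files.

```shell
#!/bin/sh
# Added example (not from the original post): retention for Snort tcpdump logs.
# prune_snort_logs DIR [COMPRESS_DAYS] [DELETE_DAYS]
#   gzip regular files at least COMPRESS_DAYS old and delete those at least
#   DELETE_DAYS old. Function name and defaults are assumptions.
prune_snort_logs() {
    dir=$1
    compress_days=${2:-1}
    delete_days=${3:-365}

    # Refuse an empty or missing directory so find never runs on "/" or ".".
    [ -n "$dir" ] && [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Both ages must be whole numbers of days.
    case "$compress_days$delete_days" in
        *[!0-9]*) echo "ages must be whole days" >&2; return 2 ;;
    esac
    [ "$compress_days" -ge 1 ] && [ "$delete_days" -gt "$compress_days" ] || {
        echo "need 1 <= compress_days < delete_days" >&2; return 2; }

    # find counts age in whole 24-hour periods. "-mtime N" matches only files
    # exactly N periods old; "-mtime +N" matches anything older than that, so
    # "+(N-1)" means "at least N days old" and a skipped run is caught up later.
    # Delete first so expired files are not compressed just to be removed.
    find "$dir" -type f -mtime +"$((delete_days - 1))" -exec rm -f {} + || return 1

    # Compress what is left, skipping files gzip has already handled.
    find "$dir" -type f -mtime +"$((compress_days - 1))" ! -name '*.gz' \
        -exec gzip {} + || return 1
}

# Run directly (for example from cron) when a directory is given.
if [ "$#" -gt 0 ]; then
    prune_snort_logs "$@"
fi
```

Restricting both passes to `-type f` means `rm` never needs `-r`, so a directory with an old modification time cannot take newer captures with it.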