Snort mailing list archives
Re: SQL to purge alerts over 1 month old?
From: "Terry Burton" <tez () terryburton co uk>
Date: Tue, 26 Feb 2008 10:44:29 +0000
On Mon, Feb 4, 2008 at 2:14 PM, Michael W Cocke <cocke () catherders com> wrote:
The subject line pretty much says it - I'm medium fair at SQL, but I'm not seeing this; Anyone know the syntax to flush alerts older than one month from the alerts DB (MySQL if it matters)?
Hi Mike,

I've only just caught up with this thread. Archive plus looks very useful and I might try it myself some time.

If you are looking for something a bit simpler then the following SQL might be of interest:

http://www.terryburton.co.uk/blog/2007/09/deleting-old-snort-and-base-event-data.html

It purges the event table of old events, removes all of the entries from referring tables that have been orphaned and finally optimises the tables. It will leave things clean.

I have been successfully using this in a nightly cron job for about a year now.

Hope this helps,

Tez
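The three steps described in the message above (purge old events, remove orphaned rows, optimise), sketched for MySQL as an added example. It is not part of the original message and is not the script at the linked blog post. It assumes the stock Snort database schema, where the per-packet tables are keyed on (sid, cid), plus BASE's acid_event cache table.

```sql
-- Added example (not the script from the linked post).
-- Assumes the stock Snort MySQL schema and BASE's acid_event table.
-- Run against a backup or a test copy first; the deletes are not reversible.

-- Retention boundary: everything older than one month goes.
SET @cutoff = NOW() - INTERVAL 1 MONTH;

-- 1. Purge old events from the master table.
DELETE FROM event WHERE event.timestamp < @cutoff;

-- 2. Remove rows in referring tables whose (sid, cid) no longer has
--    a matching event. LEFT JOIN ... IS NULL selects only the orphans.
DELETE iphdr FROM iphdr
  LEFT JOIN event ON iphdr.sid = event.sid AND iphdr.cid = event.cid
  WHERE event.cid IS NULL;

DELETE tcphdr FROM tcphdr
  LEFT JOIN event ON tcphdr.sid = event.sid AND tcphdr.cid = event.cid
  WHERE event.cid IS NULL;

DELETE udphdr FROM udphdr
  LEFT JOIN event ON udphdr.sid = event.sid AND udphdr.cid = event.cid
  WHERE event.cid IS NULL;

DELETE icmphdr FROM icmphdr
  LEFT JOIN event ON icmphdr.sid = event.sid AND icmphdr.cid = event.cid
  WHERE event.cid IS NULL;

DELETE opt FROM opt
  LEFT JOIN event ON opt.sid = event.sid AND opt.cid = event.cid
  WHERE event.cid IS NULL;

DELETE data FROM data
  LEFT JOIN event ON data.sid = event.sid AND data.cid = event.cid
  WHERE event.cid IS NULL;

-- BASE keeps its own denormalised copy of each alert.
DELETE acid_event FROM acid_event
  LEFT JOIN event ON acid_event.sid = event.sid AND acid_event.cid = event.cid
  WHERE event.cid IS NULL;

-- 3. Reclaim the space freed by the deletes.
OPTIMIZE TABLE event, iphdr, tcphdr, udphdr, icmphdr, opt, data, acid_event;
```

Deleting orphans by join rather than by timestamp keeps the referring tables consistent with event even if an earlier purge was interrupted.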