RE: (no subject)

[Wayne T Work <wwork () cybergnostic com>]

You can go into MySQl from the command prompt and change to the snort 
database (\u snort) then do (show tables;). Then you can delete the 
records. See MySQL manual for syntax

At 04:28 PM 9/17/2001 -0400, Reeves, Michael (GEAE, Compaq) wrote:
> I would drop the database and recreate it if you want to start "fresh" 
> Only takes a few minutes... Or even create a new instance and have your 
> new events logged there and point ACID there. Hope that helps.
>
> Mike Reeves
> Security Administrator
> GE Aircraft
> -----Original Message-----
> From: Wells, Kenneth L [mailto:kw151002 () exchange DAYTONOH NCR com]
> Sent: Monday, September 17, 2001 4:12 PM
> To: snort-users () lists sourceforge net
> Subject: RE: [Snort-users] (no subject)
>
> When I look at my default snort view screen I see TCP, UCP, ICMp, etc.... 
> traffic.
>
> how can I erase all of this and start clean?
>
> I want to move my sensor to another subnet but want to clear out the old 
> data....
>
> Kenny
>
> I'm using acid v0.9.6b6 for windows 2000
> -----Original Message-----
> From: Wayne T Work [mailto:wwork () cybergnostic com]
> Sent: Monday, September 17, 2001 4:00 PM
> To: Wells, Kenneth L; snort-users () lists sourceforge net
> Subject: Re: [Snort-users] (no subject)
>
> Yepper there is a way.
> select a protocol to look at and then go to the bottom. the selection on 
> the left side will let you do several things. Archive is one as well as 
> delete. Choos which one and then go right to select only that page, all in 
> query or you can check the blocks on the ones you want to perform actions 
> on. All this is on the latest version of ACID
>
> Good luck
>
> At 03:40 PM 9/17/2001 -0400, Wells, Kenneth L wrote:
>
> > I'm currently using ACId for my snort Ids. Is there a way that I can 
> > archive old data and start collecting new data?
> >
> > Kenny
> Wayne

Wayne T Work
Manager of Information Systems Security
Cybergnostic.net, Inc.
(O) 203-331-4417
(C) 203-217-5004