Snort mailing list archives
Re: manual access to ACID databases
From: Susan Kay Coulter <skc () lanl gov>
Date: Wed, 10 Oct 2001 09:27:25 -0600
I periodically removed the nimda alerts by using a Perl/MySQL DBI script. If you are comfortable with Perl, it is pretty simple to download the MySQL DBI and write a script to clear out alerts by signature, time frame, etc. I have found it extremely useful - and use it to archive alerts on a monthly basis. It is much faster than using ACID, and you can start up the script when you leave at the end of the day and let it run - or run it as a cronjob during your slowest traffic period. (Of course this does require becoming familiar with the db design and knowing the relation between the tables.)
From: "Jones, Benny" <Ben () wcom net>
To: "'Snort Users'" <snort-users () lists sourceforge net>
Date: Wed, 10 Oct 2001 09:50:39 -0400
Subject: [Snort-users] manual access to ACID databases

Recent Nimda shenanigans have apparently overloaded my ACID database with tens of thousands (probably a few hundred thousand) alerts that I don't want. The initial ACID display doesn't come up (the mysqld process simply chugs away for over an hour). I'd like to go into the MySQL database and use SQL to delete the records manually, but I'm concerned that I'll leave the database equivalent of broken links around if I make a mistake. Has anyone else successfully dealt with something like this? If manual access is an option, what is the command to use to get rid of, say, all alerts with "outgoing admin.dll" in them? Or maybe I've got something misconfigured. Any advice would be appreciated. TIA Benny
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
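Susan's approach (a script that clears alerts by signature and time frame) and Benny's worry about leaving "broken links" behind are both illustrated by the following added example, which is not code from either poster or from the Snort/ACID projects. It is written in Python with the standard sqlite3 module rather than Perl/DBI so it runs without a MySQL server; the table layout is a simplified reconstruction of the Snort 1.8 / ACID schema of the period (an assumption, with only the columns the example needs), and the signatures, timestamps and packets are constructed sample data. The point it demonstrates is the one Susan's parenthetical warns about: every per-packet table is keyed by the event's (sid, cid) pair, so the child rows have to go before the event row, and an orphan check afterwards proves nothing dangling was left behind.

```python
import sqlite3

# Simplified reconstruction of the Snort 1.8 / ACID table layout (an assumption for this
# example, not copied from the post). Every per-packet table is keyed by the (sid, cid)
# of its event row, which is exactly what makes a careless DELETE leave orphans.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL);
CREATE TABLE event   (sid INTEGER, cid INTEGER, signature INTEGER NOT NULL,
                      timestamp TEXT NOT NULL, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr   (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                      ip_proto INTEGER, PRIMARY KEY (sid, cid));
CREATE TABLE tcphdr  (sid INTEGER, cid INTEGER, tcp_sport INTEGER, tcp_dport INTEGER,
                      PRIMARY KEY (sid, cid));
CREATE TABLE udphdr  (sid INTEGER, cid INTEGER, udp_sport INTEGER, udp_dport INTEGER,
                      PRIMARY KEY (sid, cid));
CREATE TABLE icmphdr (sid INTEGER, cid INTEGER, icmp_type INTEGER, icmp_code INTEGER,
                      PRIMARY KEY (sid, cid));
CREATE TABLE opt     (sid INTEGER, cid INTEGER, optid INTEGER, opt_data BLOB,
                      PRIMARY KEY (sid, cid, optid));
CREATE TABLE data    (sid INTEGER, cid INTEGER, data_payload TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE acid_event (sid INTEGER, cid INTEGER, signature INTEGER, sig_name TEXT,
                      timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE acid_ag_alert (ag_id INTEGER, ag_sid INTEGER, ag_cid INTEGER,
                      PRIMARY KEY (ag_id, ag_sid, ag_cid));
"""

# Tables that hang off event by (sid, cid); they are cleared before event itself.
# The names come from this fixed list, never from user input, so f-string SQL is safe here.
CHILD_TABLES = ["iphdr", "tcphdr", "udphdr", "icmphdr", "opt", "data", "acid_event"]


def build_sample_db():
    """In-memory database holding a handful of constructed alerts (not real traffic)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # we manage BEGIN/COMMIT
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature VALUES (?, ?)", [
        (1, "WEB-IIS cmd.exe access"),       # constructed signature names
        (2, "WEB-IIS admin.dll access"),
        (3, "ICMP PING"),
    ])
    events = [  # (sid, cid, signature id, timestamp)
        (1, 1, 2, "2001-09-18 10:00:00"),
        (1, 2, 2, "2001-09-20 11:30:00"),
        (1, 3, 1, "2001-09-19 12:00:00"),
        (1, 4, 3, "2001-10-01 08:00:00"),
        (1, 5, 2, "2001-10-09 23:59:00"),
    ]
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", events)
    for sid, cid, sig, ts in events:
        proto = 1 if sig == 3 else 6
        conn.execute("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?)",
                     (sid, cid, 167772161, 167772162, proto))  # 10.0.0.1 -> 10.0.0.2
        if proto == 1:
            conn.execute("INSERT INTO icmphdr VALUES (?, ?, 8, 0)", (sid, cid))
        else:
            conn.execute("INSERT INTO tcphdr VALUES (?, ?, ?, 80)", (sid, cid, 40000 + cid))
            conn.execute("INSERT INTO data VALUES (?, ?, ?)",
                         (sid, cid, "GET /admin.dll HTTP/1.0"))  # constructed payload
        conn.execute("INSERT INTO acid_event VALUES (?, ?, ?, "
                     "(SELECT sig_name FROM signature WHERE sig_id = ?), ?)",
                     (sid, cid, sig, sig, ts))
    conn.execute("INSERT INTO acid_ag_alert VALUES (7, 1, 1)")  # alert (1,1) is in an ACID group
    return conn


def purge_alerts(conn, sig_pattern, start=None, end=None):
    """Delete every alert whose signature name matches sig_pattern (SQL LIKE syntax),
    optionally limited to timestamps within [start, end]. Returns the number of event
    rows removed. Runs as one transaction: a failure half-way leaves the database as it was."""
    where, params = ["s.sig_name LIKE ?"], [sig_pattern]
    if start is not None:
        where.append("e.timestamp >= ?"); params.append(start)
    if end is not None:
        where.append("e.timestamp <= ?"); params.append(end)
    cur = conn.cursor()
    cur.execute("BEGIN")
    try:
        # Collect the doomed keys once instead of re-running the join per table.
        cur.execute("CREATE TEMP TABLE purge_keys (sid INTEGER, cid INTEGER, PRIMARY KEY (sid, cid))")
        cur.execute("INSERT INTO purge_keys SELECT e.sid, e.cid FROM event e "
                    "JOIN signature s ON s.sig_id = e.signature WHERE " + " AND ".join(where),
                    params)
        for t in CHILD_TABLES:  # children first, then the parent row
            cur.execute(f"DELETE FROM {t} WHERE EXISTS (SELECT 1 FROM purge_keys p "
                        f"WHERE p.sid = {t}.sid AND p.cid = {t}.cid)")
        cur.execute("DELETE FROM acid_ag_alert WHERE EXISTS (SELECT 1 FROM purge_keys p "
                    "WHERE p.sid = acid_ag_alert.ag_sid AND p.cid = acid_ag_alert.ag_cid)")
        cur.execute("DELETE FROM event WHERE EXISTS (SELECT 1 FROM purge_keys p "
                    "WHERE p.sid = event.sid AND p.cid = event.cid)")
        deleted = cur.rowcount
        cur.execute("DROP TABLE purge_keys")
        cur.execute("COMMIT")
        return deleted
    except Exception:
        cur.execute("ROLLBACK")
        raise


def count_orphans(conn):
    """Rows in any child table whose (sid, cid) no longer has an event row: the
    'broken links' Benny was worried about. Should be 0 before and after a purge."""
    total = 0
    for t in CHILD_TABLES:
        (n,) = conn.execute(f"SELECT COUNT(*) FROM {t} c LEFT JOIN event e "
                            f"ON e.sid = c.sid AND e.cid = c.cid WHERE e.sid IS NULL").fetchone()
        total += n
    (n,) = conn.execute("SELECT COUNT(*) FROM acid_ag_alert a LEFT JOIN event e "
                        "ON e.sid = a.ag_sid AND e.cid = a.ag_cid WHERE e.sid IS NULL").fetchone()
    return total + n


def remaining_events(conn):
    (n,) = conn.execute("SELECT COUNT(*) FROM event").fetchone()
    return n


if __name__ == "__main__":
    db = build_sample_db()
    n = purge_alerts(db, "%admin.dll%", "2001-09-01 00:00:00", "2001-09-30 23:59:59")
    print(f"purged {n} September admin.dll alerts; {remaining_events(db)} events left; "
          f"orphans: {count_orphans(db)}")
```

The same statements translate directly to Perl/DBI against MySQL with `AutoCommit => 0`; note that MyISAM tables of that era have no transactions, so there the child-first ordering is the only thing protecting you, which is a good reason to run the purge in bounded time windows during the quiet period Susan mentions and to keep the orphan query handy as a post-run check.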