Snort mailing list archives
Re: data table full in MYSQL
From: Roman Danyliw <roman () danyliw com>
Date: Tue, 16 Oct 2001 13:54:10 -0400 (EDT)
Mike, A couple of clarifications: - If you deleted events from the database manually, make sure to delete the corresponding information from all tables (i.e. event, iphdr, tcphdr/icmphdr/udphdr, data, opt). Otherwise, the database will be left in an inconsistent state. - the event cache does not store any data on the packet payload Assuming you have deleted a number of alerts from the database without using ACID, the cache will need to be rebuilt. Issue the following command from the mysql command line: mysql> DELETE FROM acid_event; This command will delete the entire cache. To recreate it, use the maintenance page or simply enable auto-updating of the event cache. Roman On Tue, 16 Oct 2001, Reeves, Michael (GEAE, Compaq) wrote:
Ok, database: mysql_error: The table 'data' is full my data.MYD is 4.2 gigs :) I killed a bunch of events from the acid
dbase
but no dice. It looks like it is pulling them into cache but not
deleting
them from the data.myd directory. The user has full rights over the
dbase.
Also when I go into cache and status is says there are 300,000+ alerts
but
only 56000 cached events. I update the alert cache and it says 0 alerts added. I am not sure of how the process works. Should I wipe the DB and start over? Mike
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- data table full in MYSQL Reeves, Michael (GEAE, Compaq) (Oct 16)
- <Possible follow-ups>
- Re: data table full in MYSQL Roman Danyliw (Oct 16)
- RE: data table full in MYSQL Reeves, Michael (GEAE, Compaq) (Oct 16)
- Re: data table full in MYSQL Susan Kay Coulter (Oct 16)