Snort mailing list archives
Re: Snort, MySQL, Acid
From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Tue, 7 May 2002 15:55:46 -0400
Sorry, that should be http://www.dirk.demon.co.uk/utils/

My bad

Ian

----- Original Message -----
From: "Ian Macdonald" <secsnort () dirk demon co uk>
To: "Whaley, Mike" <mwhaley () rightnow com>; "'Anton A. Chuvakin'" <anton () chuvakin org>; "Tim Sailer" <sailer () bnl gov>
Cc: "Redman, Ken" <ken.redman () mssm edu>; "Snort Users List (E-mail)" <snort-users () lists sourceforge net>
Sent: Tuesday, May 07, 2002 10:17 AM
Subject: Re: [Snort-users] Snort, MySQL, Acid

You might want to have a look at www.dirk.demon.co.uk/tools. I wrote some scripts for managing the snort part of the database. The idea was that you could run it every night in a cron job or scheduled task.

I am thinking about extending them to create a complete copy of the demarc data as well, so you could have say 5 days in the active store that you monitor, then another copy of the demarc console installed that hits the archive database. This would give you the ability to go back and look at archived data, but with the knowledge that it might take some time to bring back data.

Out of interest, which setting in IIS did you change? I couldn't track down the setting that would stop the cgi-timeout messages in IIS.

Thanks

Ian

----- Original Message -----
From: "Whaley, Mike" <mwhaley () rightnow com>
To: "'Anton A. Chuvakin'" <anton () chuvakin org>; "Tim Sailer" <sailer () bnl gov>
Cc: "Redman, Ken" <ken.redman () mssm edu>; "Snort Users List (E-mail)" <snort-users () lists sourceforge net>
Sent: Monday, May 06, 2002 4:12 PM
Subject: RE: [Snort-users] Snort, MySQL, Acid

I have the same configuration on win2k and I just fixed this problem
with mine. First, increase your timeout value in your acid_conf.php file. Next you'll get cgi errors for IIS if you are running that. Increase your timeout for IIS and that should fix it. For about 25,000 records it takes about 1300 seconds to move the data to another archive on my machine. Everything works great now and I can successfully move, copy, and delete large amounts of data.

Mike Whaley

-----Original Message-----
From: Anton A. Chuvakin [mailto:anton () chuvakin org]
Sent: Monday, May 06, 2002 1:33 PM
To: Tim Sailer
Cc: Redman, Ken; Snort Users List (E-mail)
Subject: Re: [Snort-users] Snort, MySQL, Acid
Importance: High

Hello,

> I think the easiest way, since you have ACID, is to query on your IP address in ACID, and then tell it to delete the whole query. It will clean up nicely.

Not if you have 100,000 records or more. Sorry for a one-liner, but archiving/deleting with ACID for large databases is very unstable. I have not found a way to recover my ACID/snort database after it was flooded by thousands of records. That leaves it in pretty much unusable shape.

Best,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org

_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
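
The nightly archive job discussed in this thread (keep about 5 days in the active store, move older alerts to an archive database) as an added example; it is not Ian's scripts or ACID's code. Assumptions: in-memory SQLite stands in for MySQL so it runs offline, only three tables of the Snort database schema are modelled, and the function names are hypothetical. It works in small committed batches and deletes only after the copy is committed, so an interrupted run can simply be repeated.

```python
import sqlite3
from datetime import datetime, timedelta
# Subset of the Snort database schema: event plus two per-packet tables.
TABLES = {
    "event":  "sid INT, cid INT, signature INT, timestamp TEXT",
    "iphdr":  "sid INT, cid INT, ip_src INT, ip_dst INT",
    "tcphdr": "sid INT, cid INT, tcp_sport INT, tcp_dport INT",
}

def make_db():
    db = sqlite3.connect(":memory:")  # assumption: SQLite stand-in for MySQL
    for name, cols in TABLES.items():
        db.execute(f"CREATE TABLE {name} ({cols}, PRIMARY KEY (sid, cid))")
    return db

def archive_old_events(active, archive, now, keep_days=5, batch=1000):
    """Move events older than keep_days from active to archive, batch by batch."""
    cutoff = (now - timedelta(days=keep_days)).strftime("%Y-%m-%d %H:%M:%S")
    moved = 0
    while True:
        keys = active.execute(
            "SELECT sid, cid FROM event WHERE timestamp < ? LIMIT ?",
            (cutoff, batch)).fetchall()
        if not keys:
            return moved
        for table in TABLES:
            for sid, cid in keys:
                row = active.execute(
                    f"SELECT * FROM {table} WHERE sid=? AND cid=?", (sid, cid)).fetchone()
                if row:  # OR IGNORE makes a re-run after a crash harmless
                    marks = ",".join("?" * len(row))
                    archive.execute(f"INSERT OR IGNORE INTO {table} VALUES ({marks})", row)
        archive.commit()  # the copy is durable before anything is deleted
        for table in reversed(list(TABLES)):  # child tables first, event last
            active.executemany(f"DELETE FROM {table} WHERE sid=? AND cid=?", keys)
        active.commit()
        moved += len(keys)

def demo():
    """Constructed sample data: three alerts older than 5 days, two recent."""
    now = datetime(2002, 5, 7, 3, 0, 0)
    active, archive = make_db(), make_db()
    for cid, age in enumerate([9, 8, 7, 1, 0], start=1):
        ts = (now - timedelta(days=age)).strftime("%Y-%m-%d %H:%M:%S")
        active.execute("INSERT INTO event VALUES (1, ?, 100, ?)", (cid, ts))
        active.execute("INSERT INTO iphdr VALUES (1, ?, 167772161, 167772162)", (cid,))
    moved = archive_old_events(active, archive, now, batch=2)
    count = lambda db, t: db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
    return moved, count(active, "event"), count(archive, "event"), count(archive, "iphdr")
```

Against a real sensor database the same loop would cover the remaining per-packet tables as well, and the batch size is what keeps each transaction short enough to stay under web-server or script timeouts.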