Snort mailing list archives
RE: Snort/ACID Database Cleanup
From: "Whaley, Mike" <mwhaley () rightnow com>
Date: Fri, 19 Apr 2002 10:36:49 -0600
Hello all,

I've archived the alerts using ACID's built-in function to a snort_archive DB. I imagine I would have to add another ACID interface to view the snort_archive DB. Is this correct or is there an easier way to view the alerts in the archive DB?

Thank you very much.

Mike

-----Original Message-----
From: Mark Rowlands [mailto:mark.rowlands () minmail net]
Sent: Friday, April 19, 2002 5:21 AM
To: Ronneil Camara; snort-users () lists sourceforge net
Cc: kmerr001 () cs fiu edu
Subject: Re: [Snort-users] Snort/ACID Database Cleanup

-----Original Message-----
From: krista l merrill [mailto:kmerr001 () cs fiu edu]
Sent: Friday, April 12, 2002 3:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort/ACID Database Cleanup

Does anyone know of any MySQL-specific Snort/ACID database cleanup scripts? I'd like to delete alerts after a certain number of days.

well as a starting point
http://archives.neohapsis.com/archives/snort/2001-10/0329.html

but why not use the built in archive function?
http://www.andrew.cmu.edu/~rdanyliw/snort/acid_archive_instruct.html

On Saturday 13 April 2002 5:44 am, Ronneil Camara wrote:

You can use Perl, DBI, DBD. All you have to do is do a delete from tablename where date is like this. You must also execute flush privileges after that. This is a good question btw. I've got a follow-up question now though I can answer it myself, I don't want to scrutinize ACID code.

So somebody else should on your behalf? ;-)

What are the tables that I need to clean, is it just events? What about data?

no, there are a number of related tables. see
http://www.andrew.cmu.edu/~rdanyliw/snort/acid_db_er_v102.html

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

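Added example, not part of the original thread or of ACID: a sketch of an age-based cleanup that removes the related rows along with the events, so alert data is not left orphaned. It uses an in-memory SQLite database as a stand-in for MySQL, and the table names and the (sid, cid) key are assumptions based on the Snort/ACID schema, reduced to key columns; check them against the ER diagram linked above.

```python
import sqlite3

# Tables that hold rows keyed by the same (sid, cid) as event. Names are an
# assumption taken from the Snort/ACID schema; check them against the ER diagram.
RELATED = ("iphdr", "tcphdr", "udphdr", "icmphdr", "opt", "data", "acid_event")
OLD_EVENT = ("SELECT 1 FROM event e WHERE e.sid = {t}.sid "
             "AND e.cid = {t}.cid AND e.timestamp < ?")

def build_demo_db():
    """In-memory stand-in for the Snort database, reduced to key columns."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (sid INT, cid INT, timestamp TEXT)")
    for t in RELATED:
        db.execute(f"CREATE TABLE {t} (sid INT, cid INT)")
    # Constructed sample alerts: one old, two recent.
    rows = [(1, 1, "2002-03-01 08:00:00"), (1, 2, "2002-04-10 09:30:00"),
            (1, 3, "2002-04-18 23:15:00")]
    db.executemany("INSERT INTO event VALUES (?, ?, ?)", rows)
    for t in RELATED:
        db.executemany(f"INSERT INTO {t} VALUES (?, ?)", [r[:2] for r in rows])
    db.commit()
    return db

def orphan_count(db):
    """Rows in related tables whose (sid, cid) no longer exists in event."""
    q = ("SELECT COUNT(*) FROM {t} WHERE NOT EXISTS (SELECT 1 FROM event e "
         "WHERE e.sid = {t}.sid AND e.cid = {t}.cid)")
    return sum(db.execute(q.format(t=t)).fetchone()[0] for t in RELATED)

def purge_older_than(db, cutoff):
    """Delete events before cutoff and their related rows in one transaction."""
    with db:  # commits on success, rolls back if any statement fails
        for t in RELATED:  # related rows first, while event still identifies them
            db.execute(f"DELETE FROM {t} WHERE EXISTS ({OLD_EVENT.format(t=t)})",
                       (cutoff,))
        cur = db.execute("DELETE FROM event WHERE timestamp < ?", (cutoff,))
    return cur.rowcount

if __name__ == "__main__":
    naive = build_demo_db()
    naive.execute("DELETE FROM event WHERE timestamp < ?", ("2002-04-01",))
    print("orphans after event-only delete:", orphan_count(naive))
    full = build_demo_db()
    print("events purged:", purge_older_than(full, "2002-04-01"))
    print("orphans after full purge:", orphan_count(full))
```

Running `orphan_count` against a copy of a production database before and after a purge shows whether an earlier event-only delete already left unreferenced packet data behind.
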
Current thread:
- Snort/ACID Database Cleanup krista l merrill (Apr 12)
- <Possible follow-ups>
- RE: Snort/ACID Database Cleanup Ronneil Camara (Apr 12)
- Re: Snort/ACID Database Cleanup Mark Rowlands (Apr 19)
- RE: Snort/ACID Database Cleanup Whaley, Mike (Apr 19)
- Re: Snort/ACID Database Cleanup Mark Rowlands (Apr 19)