Snort mailing list archives
RE: Big MySQL-Database
From: "Patrice Boulanger" <pboulanger () fr externall net>
Date: Wed, 8 Jan 2003 12:48:52 +0100
hello snort user,

you could use the mysqlhotcopy command to copy your database:

    mysqlhotcopy -p=<password> --allowold snortdb SnortAcid

this command copies the database snort to a new db SnortAcid (created if necessary). You must use --allowold because mysqlhotcopy will abort if target already exists. You could also use --keepold (try mysqlhotcopy --help for signification). Beware that the SnortAcid database will be lost on each rotation.

after the hot copy, you must also delete lines from the snort database, for example:

---------------------- (not tested !!!)
# Empty each table in turn. The list is left unquoted so the loop sees one name per pass.
for i in acid_ag acid_ag_alert acid_event acid_ip_cache data detail encoding event icmphdr iphdr opt reference reference_system schema sensor sig_class sig_reference signature tcphdr udphdr; do
    # No space after -p: with a space mysql prompts for the password and reads the next word as a database name.
    echo "delete from $i;" | mysql -D snort -p'<password>'
done
---------------------- (not tested !!!)

put these two commands in a shell script and add a cron entry to run it every 2 days.

Hope it will help you.

Regards,

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Kraus, Thorsten
Sent: Wednesday, 8 January 2003 11:50
To: snort-users () lists sourceforge net
Subject: [Snort-users] Big MySQL-Database

Hello Snort Users,

I've set up a Snort system on linux. I use MySQL to store the data from snort and I use ACID to analyze this data. But when snort runs a few days, the database is very big and acid runs only very slowly. I want to store the data only for e.g. 2 days in the database. If the 2 days are over, then the database should be copied to snortAcidOld and a new database named SnortAcid should be created.

Have you any idea how I can solve this problem in this or any other way?

I'm looking forward to your answers!

-------------------------------------------------------
This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
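Added example (not part of either message above): a cron-able form of the copy-then-delete procedure from the reply, which deletes alert data only after mysqlhotcopy has succeeded and the copy holds at least as many event rows as the source had. It assumes the MySQL credentials are in the cron user's ~/.my.cnf (mode 600) instead of on the command line, where they would be visible in the process list. The function names and the SRC_DB/DST_DB variables are this example's own; the database names and the table list are the ones given in the reply.

```shell
#!/bin/sh
# Added example: rotate the Snort database, purging only after a verified copy.
# Assumption: user/password are read from ~/.my.cnf, so none is passed here.
SRC_DB=${SRC_DB:-snort}        # database Snort logs to (name from the thread)
DST_DB=${DST_DB:-SnortAcid}    # copy that is overwritten on each rotation
TABLES="acid_ag acid_ag_alert acid_event acid_ip_cache data detail encoding event icmphdr iphdr opt reference reference_system schema sensor sig_class sig_reference signature tcphdr udphdr"

# Print one DELETE per table; refuse names that are not plain identifiers.
purge_sql() {
    for t in $TABLES; do
        case $t in
            *[!A-Za-z0-9_]*) echo "bad table name: $t" >&2; return 1 ;;
        esac
        printf 'DELETE FROM `%s`;\n' "$t"
    done
}

# Number of rows in the event table of database $1.
event_count() {
    mysql -N -B -D "$1" -e 'SELECT COUNT(*) FROM event'
}

rotate() {
    before=$(event_count "$SRC_DB") || return 1
    if ! mysqlhotcopy --allowold "$SRC_DB" "$DST_DB"; then
        echo "hot copy failed, nothing deleted" >&2
        return 1
    fi
    copied=$(event_count "$DST_DB") || return 1
    if [ "$copied" -lt "$before" ]; then
        echo "copy has $copied events, source had $before; nothing deleted" >&2
        return 1
    fi
    # Build the whole statement list first so a bad name sends nothing at all.
    sql=$(purge_sql) || return 1
    printf '%s\n' "$sql" | mysql -D "$SRC_DB"
}

# Run only when asked, e.g. from cron: rotate-snort.sh --run
if [ "${1:-}" = "--run" ]; then rotate; fi
```

Rows that Snort inserts between the hot copy and the DELETE statements are not in the copy, so stop Snort for the duration of the run if that window matters.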
Current thread:
- Big MySQL-Database Kraus, Thorsten (Jan 08)
- RE: Big MySQL-Database Patrice Boulanger (Jan 08)