Snort mailing list archives
Re: Purge all Snort events from MySQL database?
From: "jon baer" <security () jonbaer net>
Date: Fri, 19 Sep 2003 08:42:52 -0400
thanks works nicely! do you mind if i port it to php for "Flush Database" button in ACID?

- jon

----- Original Message -----
From: "Dusty Hall" <halljer () auburn edu>
To: <security () jonbaer net>; <snort-users () lists sourceforge net>
Sent: Friday, September 19, 2003 9:02 AM
Subject: Re: [Snort-users] Purge all Snort events from MySQL database?

This is what I use:

http://www.perlmonks.com/index.pl?node_id=247926

-Dusty

"jon baer" <security () jonbaer net> 9/18/2003 4:35:38 PM >>>

i think u are right, i looked through the spo_database.c code + there is a lot more going on ... looks like u might need to flush more than snort.event ... i just noticed that acid_maintenance.php also does not have a flush option w/ the tables.

it seems to me the real problem lies with the table types used to create the mysql tables to begin with (from create_mysql.sql) in that you *may* be better off declaring them as MERGE tables:

http://www.mysql.com/doc/en/MERGE.html

you could then (i think) theoretically pull the merge table data out from a cron job @ daily intervals for analysis. really not sure if that makes things easier, it seems like barnyard + these types of tables would make it much smoother.

- jon

----- Original Message -----
From: "Michael Steele" <michaels () winsnort com>
To: <snort-users () lists sourceforge net>
Sent: Thursday, September 18, 2003 5:34 PM
Subject: RE: [Snort-users] Purge all Snort events from MySQL database?

Jon,

I think I remember a while back that this topic was discussed and I think the conclusion was that flushing or purging the database, kind of like when Acid does a delete, that it really doesn't remove everything.

Is this still true?

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of jon baer
Sent: Thursday, September 18, 2003 11:25 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Purge all Snort events from MySQL database?

hmm not sure there is one ... you can always flush the events via commandline:

echo "delete from snort.event" | mysql -h 10.10.10.10 -usnort -pmypassword

- jon

----- Original Message -----
From: "Raj Wurttemberg" <rajw () c64 us>
To: "'Pig-A-Holics Anonymous'" <snort-users () lists sourceforge net>
Sent: Thursday, September 18, 2003 1:22 PM
Subject: [Snort-users] Purge all Snort events from MySQL database?

Simple question from a Snort noob...

What is the proper method to purge all the Snort events from a MySQL database?

Thanks,
/*Raj*/

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
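
The thread's point that deleting from snort.event alone leaves data behind, worked through in SQL. This is an added example, not code from any poster or from the linked script; it assumes the stock Snort MySQL schema from create_mysql plus ACID's own tables (table and column names below are taken from that schema, not from the thread) in a database named snort.

```sql
-- Added example. Assumes the stock Snort schema plus ACID's tables.
USE snort;

-- 1. Check what an earlier event-only delete left behind: per-packet rows
--    whose (sid, cid) key no longer has a parent row in event.
SELECT 'iphdr' AS tbl, COUNT(*) AS orphans
  FROM iphdr h LEFT JOIN event e ON e.sid = h.sid AND e.cid = h.cid
 WHERE e.cid IS NULL
UNION ALL
SELECT 'tcphdr', COUNT(*)
  FROM tcphdr h LEFT JOIN event e ON e.sid = h.sid AND e.cid = h.cid
 WHERE e.cid IS NULL
UNION ALL
SELECT 'data', COUNT(*)
  FROM data d LEFT JOIN event e ON e.sid = d.sid AND e.cid = d.cid
 WHERE e.cid IS NULL
UNION ALL
SELECT 'acid_event', COUNT(*)
  FROM acid_event a LEFT JOIN event e ON e.sid = a.sid AND e.cid = a.cid
 WHERE e.cid IS NULL;

-- 2. Purge every table keyed by (sid, cid), children before the parent,
--    so an interrupted run never leaves event rows without their details.
DELETE FROM acid_ag_alert;   -- ACID alert-group membership (ag_sid, ag_cid)
DELETE FROM acid_event;      -- ACID's denormalised copy of each event
DELETE FROM data;            -- packet payloads
DELETE FROM opt;             -- IP/TCP options
DELETE FROM icmphdr;
DELETE FROM udphdr;
DELETE FROM tcphdr;
DELETE FROM iphdr;
DELETE FROM event;

-- Left in place on purpose: sensor, signature, sig_class, sig_reference,
-- reference and reference_system are lookup tables that new events reuse.

-- 3. Confirm the purge: every count should now be 0.
SELECT 'event' AS tbl, COUNT(*) AS remaining FROM event
UNION ALL SELECT 'iphdr', COUNT(*) FROM iphdr
UNION ALL SELECT 'data', COUNT(*) FROM data
UNION ALL SELECT 'acid_event', COUNT(*) FROM acid_event;
```

Stop Snort (or Barnyard) before running it so no events are inserted mid-purge. Feeding the file to `mysql -h <host> -u snort -p` makes the client prompt for the password rather than exposing it in the process list and shell history.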
Current thread:
- Purge all Snort events from MySQL database? Raj Wurttemberg (Sep 18)
- Re: Purge all Snort events from MySQL database? jon baer (Sep 18)
- RE: Purge all Snort events from MySQL database? Michael Steele (Sep 18)
- Re: Purge all Snort events from MySQL database? jon baer (Sep 18)
- Re: Purge all Snort events from MySQL database? Kristofer T. Karas (Sep 19)
- RE: Purge all Snort events from MySQL database? Michael Steele (Sep 18)
- <Possible follow-ups>
- RE: Purge all Snort events from MySQL database? Keaton, Lindamaria (Sep 18)
- Re: Purge all Snort events from MySQL database? jon baer (Sep 18)
- Re: Purge all Snort events from MySQL database? jon baer (Sep 19)
- Re: Purge all Snort events from MySQL database? Dusty Hall (Sep 20)
- Re: Purge all Snort events from MySQL database? jon baer (Sep 18)