Snort mailing list archives

Assistance with archivePlus script to archive snort DB.


From: DTC <chubeshoi () chubes com>
Date: Mon, 24 Jan 2005 09:15:42 -0500

Hi all.

After trying to run the archivePlus script to archive old stuff from my snort database, I've gotten stuck on the following error:
' (1). Pausing before retrying.: Unknown MySQL Server Host 'localhost

Can anyone point me in the right direction as to why this doesn't work? I can't understand this, I've set all the correct permissions in mysql and have actually used acid to initialize and create the tables in my new database called 'archive'. The acid_conf.php configuration file uses 'localhost' as the server host and works fine.

Any insight?

-dtc

Paul Schmehl wrote:

--On Friday, January 21, 2005 05:47:45 PM -0500 DTC <chubeshoi () chubes com> wrote:

Hi All.

I just recently got all the components of snort working (apache, php,
mysql, acid, etc.)

But after hooking it up on a monitor port on my core switch, the database
became so big after one night, acid takes over 20 seconds to load the
mainpage!  Is there any script out there or setting that can help me
clear my sql database every night??

Yes, there is, but first you need to find out why you're "filling up" the db in one night! Is it because you have all the rules enabled? Because you have an incredibly large pipe?

You can get copy of my db archiving script here:
http://www.ntsug.org/ - click on downloads. It's a tarball with a perl script, config file and readme. Should be self-explanatory.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


Current thread: