Snort mailing list archives
RE: event database size
From: "Wright, Albert John (A J)" <ajw () utk edu>
Date: Wed, 24 May 2006 08:10:43 -0400
In the "contrib" directory of previous versions of Snort (2.2.0 maybe?) there was a snort_archdb Perl script that still works with the current schema. From what I can tell, it takes care of the problem with data dependencies between the various tables.

It seems to be somewhat resource intensive. Our 42Gb database takes an hour or two to purge. When we originally started using it (and our DB was 350Gb), database connections would time out before some commands would finish.

Now, if others are using something different that has shown better results ... I'd love to know.

--aj

A. J. Wright -- <ajw () utk edu>
Senior Security Analyst, Information Security Office
University of Tennessee, Knoxville

________________________________
From: snort-users-admin () lists sourceforge net on behalf of John Newman
Sent: Tue 2006-05-23 11:38 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] event database size

Anyone out there know of any good pre-existing solutions to keeping the event database from growing ever bigger and bigger?

I suppose some simple SQL code, e.g.

delete from snort.event where time < 'XXXXX'

or something like that.... is this what others are doing?

--
John Newman
Systems Administrator, WebXess Inc.
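Added example, not part of the original thread and not the snort_archdb script: a purge that deletes the dependent header and payload rows before each event row, in small batches so that no single statement runs long enough to hit a connection timeout. It assumes the stock Snort schema's table names (event, iphdr, tcphdr, udphdr, icmphdr, opt, data, keyed by sid and cid, with event.timestamp) and uses an in-memory SQLite database with constructed rows as a stand-in for the real server.

```python
import sqlite3

# Per-event child tables in the stock Snort schema (assumed), keyed by (sid, cid).
CHILD_TABLES = ("iphdr", "tcphdr", "udphdr", "icmphdr", "opt", "data")

def purge_events(conn, cutoff, batch=1000):
    """Delete events older than cutoff, children first, one short
    transaction per batch. Returns the number of event rows removed."""
    removed = 0
    while True:
        keys = conn.execute(
            "SELECT sid, cid FROM event WHERE timestamp < ? LIMIT ?",
            (cutoff, batch)).fetchall()
        if not keys:
            return removed
        with conn:  # commit (or roll back) each batch as a unit
            for table in CHILD_TABLES + ("event",):
                conn.executemany(
                    f"DELETE FROM {table} WHERE sid = ? AND cid = ?", keys)
        removed += len(keys)

def build_sample_db():
    """Constructed sample data: cut-down columns, 2000 old + 500 recent events."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event (sid INT, cid INT, signature INT, "
                 "timestamp TEXT, PRIMARY KEY (sid, cid))")
    for table in CHILD_TABLES:
        conn.execute(f"CREATE TABLE {table} (sid INT, cid INT)")
    for cid in range(1, 2501):
        ts = "2006-04-01 00:00:00" if cid <= 2000 else "2006-05-20 00:00:00"
        conn.execute("INSERT INTO event VALUES (1, ?, 1, ?)", (cid, ts))
        for table in ("iphdr", "tcphdr", "data"):
            conn.execute(f"INSERT INTO {table} VALUES (1, ?)", (cid,))
    conn.commit()
    return conn

def orphan_count(conn):
    """Child rows whose event row no longer exists (should stay 0)."""
    query = ("SELECT COUNT(*) FROM {} c LEFT JOIN event e "
             "ON e.sid = c.sid AND e.cid = c.cid WHERE e.sid IS NULL")
    return sum(conn.execute(query.format(t)).fetchone()[0]
               for t in CHILD_TABLES)

if __name__ == "__main__":
    db = build_sample_db()
    print(purge_events(db, "2006-05-01 00:00:00"), "events purged,",
          orphan_count(db), "orphaned child rows")
```

Deleting only from event, as in the one-line statement quoted above, would leave the matching rows in the child tables behind; orphan_count is the check for that.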