BASE/snort question

[John Newman <jnn () webii net>]

Hello,

I posted this to a BASE list, but I'm looking for feedback quickly, so I
was wondering if anyone would care to give me a quick sanity check on
this little bitty script I hacked together to, basically, reduce the
size of my snort/BASE database, based on a cutoff date where I want to
delete events.   Here is the code - thanks for any feedback!  (obviously
its quite rough, written quite quickly, I'm just trying to make sure the
idea is sane and that I'm hitting the right tables).


#!/usr/local/bin/perl -w

use DBI;
use Getopt::Std;

$| = 1;
my $verbose = 1;

my @tables = qw(acid_event data event icmphdr iphdr udphdr);

sub initDB($$$$)
{
        my ($host,$user,$pass,$db) = @_;

        return DBI->connect("dbi:mysql:database=$db;host=$host", $user, $pass);
}

sub get_cid($$)
{
        my($dbh, $date) = @_;
        my $sth = $dbh->prepare("SELECT cid from event where timestamp > '$date' limit 1");
        $sth->execute or
                die "Unable to grab cid for date $date: $dbh->errstr\n";
        return $sth->fetchrow_hashref->{cid};
}

getopt('u:p:h:d:c:', \%opts);  # -u dbuser, -p dbpass, -h dbhost, -d dbname, 
                                                           # -c cutoffdate  u and d all have obvious 
                                                           # defaults, the others need to be specified

$db   = length($opts{d}) ? $opts{d} : "snort";   # default to snort
$user = length($opts{u}) ? $opts{u} : "snort";   # default to snort.. again!

if (!length($opts{p}) or !length($opts{h}) or !length($opts{c})) {
        print STDERR "Usage: $0 -u dbuser -p dbpass -h dbhost -d dbname -c cutoffdate (e.g. 2006-05-15)\n";
        exit(1);
}
$pass   = $opts{p}; 
$cutoff = $opts{c};
$host   = $opts{h};

my $handle = initDB($host, $user, $pass, $db)  or
        die("Database error: " . DBI->errstr);

my $cid = &get_cid($handle, $cutoff);    
print "Cid = $cid\n"            if $verbose;

my $sth;
foreach my $table (@tables) {
        $sth = $handle->prepare("DELETE from $table WHERE cid < $cid");
        $sth->execute or
                die "Unable to execute deletion: $handle->errstr\n";
}


-- 
John Newman
Systems Administrator, WebXess Inc.


-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users