Snort mailing list archives
BASE/snort question
From: John Newman <jnn () webii net>
Date: Thu, 25 May 2006 08:39:06 -0500
Hello, I posted this to a BASE list, but I'm looking for feedback quickly, so I was wondering if anyone would care to give me a quick sanity check on this little bitty script I hacked together to, basically, reduce the size of my snort/BASE database, based on a cutoff date where I want to delete events. Here is the code - thanks for any feedback! (Obviously it's quite rough, written quite quickly, I'm just trying to make sure the idea is sane and that I'm hitting the right tables.)

#!/usr/local/bin/perl -w
use strict;
use DBI;
use Getopt::Std;

$| = 1;
my $verbose = 1;
my @tables = qw(acid_event data event icmphdr iphdr udphdr);

# Connect to the MySQL database; returns undef on failure.
sub initDB($$$$) {
    my ($host, $user, $pass, $db) = @_;
    return DBI->connect("dbi:mysql:database=$db;host=$host", $user, $pass);
}

# Return the lowest cid of an event newer than the cutoff date.
sub get_cid($$) {
    my ($dbh, $date) = @_;
    # The placeholder keeps the date out of the SQL text;
    # ORDER BY makes LIMIT 1 deterministic.
    my $sth = $dbh->prepare("SELECT cid FROM event WHERE timestamp > ? ORDER BY cid LIMIT 1");
    $sth->execute($date)
        or die "Unable to grab cid for date $date: " . $dbh->errstr . "\n";
    my $row = $sth->fetchrow_hashref
        or die "No events newer than $date; no cid to use as a cutoff\n";
    return $row->{cid};
}

# -u dbuser, -p dbpass, -h dbhost, -d dbname, -c cutoffdate
# u and d have obvious defaults; the others need to be specified
my %opts;
getopts('u:p:h:d:c:', \%opts);

my $db   = (defined $opts{d} && length $opts{d}) ? $opts{d} : "snort"; # default to snort
my $user = (defined $opts{u} && length $opts{u}) ? $opts{u} : "snort"; # default to snort.. again!

if (grep { !defined $opts{$_} || !length $opts{$_} } qw(p h c)) {
    print STDERR "Usage: $0 -u dbuser -p dbpass -h dbhost -d dbname -c cutoffdate (e.g. 2006-05-15)\n";
    exit(1);
}

my $pass   = $opts{p};
my $cutoff = $opts{c};
my $host   = $opts{h};

my $handle = initDB($host, $user, $pass, $db)
    or die("Database error: " . DBI->errstr);

my $cid = &get_cid($handle, $cutoff);
print "Cid = $cid\n" if $verbose;

# Delete every row below the cutoff cid from each table.
foreach my $table (@tables) {
    my $sth = $handle->prepare("DELETE FROM $table WHERE cid < ?");
    $sth->execute($cid)
        or die "Unable to execute deletion: " . $handle->errstr . "\n";
}

--
John Newman
Systems Administrator, WebXess Inc.
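An added example, not part of the original post: in the stock Snort schema the event key is (sid, cid), so cid values repeat across sensors, and a prune can match on that pair and on the event timestamp rather than on a single cid. The sketch below does that with a dry-run count first, using Python's sqlite3 and a constructed subset of the script's tables so it runs offline; CHILD_TABLES, build_sample_db, prune and remaining are names chosen here.

```python
import sqlite3

# Assumption: a subset of the script's tables, reduced to their (sid, cid) key.
CHILD_TABLES = ("acid_event", "iphdr", "data")

def build_sample_db():
    """Constructed sample: two sensors whose cid counters overlap."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (sid INT, cid INT, timestamp TEXT,"
               " PRIMARY KEY (sid, cid))")
    events = [(1, 1, "2006-05-01 10:00:00"), (1, 2, "2006-05-10 10:00:00"),
              (1, 3, "2006-05-20 10:00:00"),
              (2, 1, "2006-05-16 09:00:00"), (2, 2, "2006-05-21 09:00:00")]
    db.executemany("INSERT INTO event VALUES (?, ?, ?)", events)
    for table in CHILD_TABLES:
        db.execute(f"CREATE TABLE {table} (sid INT, cid INT, PRIMARY KEY (sid, cid))")
        db.executemany(f"INSERT INTO {table} VALUES (?, ?)",
                       [(sid, cid) for sid, cid, _ in events])
    db.commit()
    return db

def prune(db, cutoff, dry_run=True):
    """Count rows for events older than cutoff per table; delete them unless dry_run."""
    counts = {}
    with db:  # one transaction: every table is pruned, or none on error
        for table in CHILD_TABLES:  # fixed names, never user input
            match = (f"FROM {table} WHERE EXISTS (SELECT 1 FROM event e"
                     f" WHERE e.sid = {table}.sid AND e.cid = {table}.cid"
                     " AND e.timestamp < ?)")
            counts[table] = db.execute("SELECT COUNT(*) " + match, (cutoff,)).fetchone()[0]
            if not dry_run:
                db.execute("DELETE " + match, (cutoff,))
        # event goes last: the child deletes above still need its timestamps
        counts["event"] = db.execute(
            "SELECT COUNT(*) FROM event WHERE timestamp < ?", (cutoff,)).fetchone()[0]
        if not dry_run:
            db.execute("DELETE FROM event WHERE timestamp < ?", (cutoff,))
    return counts

def remaining(db, table="event"):
    """Sorted (sid, cid) pairs still present in a table."""
    return sorted(db.execute(f"SELECT sid, cid FROM {table}").fetchall())

if __name__ == "__main__":
    db = build_sample_db()
    print("dry run:", prune(db, "2006-05-15"))
    prune(db, "2006-05-15", dry_run=False)
    print("kept:", remaining(db))
```

In the constructed sample, a `cid < 3` cutoff taken from sensor 1 would also match both of sensor 2's newer events, which the pair-wise delete keeps.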