Snort mailing list archives
Re: FW: Script to purge snort and acid databases?
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 05 Sep 2006 15:52:19 -0500
--On Tuesday, September 05, 2006 14:44:09 -0400 "Jacob, Raymond A Jr" <raymond.jacob () navy mil> wrote:
PS: I tried the archive script but had trouble with Perl modules, the DBI mysql module as I remember. The script would not log in to the database. After modifying the script so it could log in, the script seemed to want to move the alerts to the snort_archive database. I could not figure out how to delete without archiving. I also never knew if the script was working. My tables were so big that it took forever, so I just killed the script. As a suggestion for large tables, you might want to delete one minute of data at a time just so you can maintain a running total, and if you have to interrupt the DELETE at least you know that up to that point X records have been deleted. As I recall, BITIO (before I took it over) the previous administrator had the archive script working. It took about 20-30 days to delete a month's worth of snort_archive data on a production system. Deleting the previous day's alerts from the snort database took about six hours, causing updates to acid_event to fail until the delete finished. I apologize in advance if my difficulties were a result of my ignorance. I do appreciate your help.
Did you read the README file? Did you edit the config?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
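The one-minute-at-a-time deletion suggested in the quoted message, as an added example that is not part of the original thread or of the archive script it discusses. It assumes a single simplified `event` table in an in-memory SQLite database as a stand-in for the MySQL snort database; the names `make_sample_db` and `purge_in_windows` are hypothetical and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

def make_sample_db():
    """Constructed sample: one simplified `event` table, not the real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event (cid INTEGER PRIMARY KEY, timestamp TEXT)")
    conn.execute("CREATE INDEX event_ts ON event (timestamp)")
    day = datetime(2006, 9, 4)
    old = [day + timedelta(seconds=s) for s in (0, 20, 70, 80, 300)]
    new = [datetime(2006, 9, 5, 10, 0, 0), datetime(2006, 9, 5, 10, 0, 30)]
    conn.executemany("INSERT INTO event (timestamp) VALUES (?)",
                     [(t.strftime(FMT),) for t in old + new])
    conn.commit()
    return conn

def purge_in_windows(conn, cutoff, window=timedelta(minutes=1), max_windows=None):
    """Delete rows older than `cutoff`, one time window per transaction.

    Each window is committed on its own, so locks are held only briefly and
    an interrupted run keeps everything deleted so far. Re-running resumes
    from the oldest remaining row; no saved state is needed.
    Returns the number of rows deleted by this call.
    """
    cutoff_s = cutoff.strftime(FMT)
    total = windows = 0
    while max_windows is None or windows < max_windows:
        oldest = conn.execute(
            "SELECT MIN(timestamp) FROM event WHERE timestamp < ?", (cutoff_s,)
        ).fetchone()[0]
        if oldest is None:          # nothing older than the cutoff remains
            break
        start = datetime.strptime(oldest, FMT)   # skips empty gaps in the data
        end = min(start + window, cutoff)
        cur = conn.execute(
            "DELETE FROM event WHERE timestamp >= ? AND timestamp < ?",
            (start.strftime(FMT), end.strftime(FMT)))
        conn.commit()
        total += cur.rowcount
        windows += 1
        print(f"{start:%Y-%m-%d %H:%M:%S}: {cur.rowcount} deleted, {total} so far")
    return total

if __name__ == "__main__":
    conn = make_sample_db()
    print(purge_in_windows(conn, datetime(2006, 9, 5)), "rows deleted in total")
```
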