Re: MySQL Log rotate

[David Gadbois <gadbois () computer org>]

Ah.  The acid_event table got added in 0.9.6b13, and I have been running
0.9.6b12.  It appears all you will need to do is add a couple of lines:

   $dbh->prepare("DELETE FROM acid_event WHERE sid = ? AND cid = ?"),

and

   $dbh->do("OPTIMIZE TABLE acid_event");

I haven't tested this, so use at your own risk.

--David Gadbois
   

roman () danyliw com wrote:
> The ACID event cache does _not_ get purged periodically.  If you have a
> script which removes an alert from the database be sure to also delete
> the associated alert information from the acid_event table.
>
> cheers,
> Roman
>
> On Mon, 10 Sep 2001, Jyri Hovila wrote:
>
> > Hi!
> >
> > > > How so I rotate the logs in MySQL? Is the best way to just delete the
> > rows
> > > > in the event table? What if I want to archive the information?
> >
> > > I figure old events are not worth keeping around.  I have attached a
> > > Perl script I use to delete events over 30 days old.  It works with
> > the
> > > version 103 schema.  Since MySQL does not have nested queries or
> > foreign
> > > key constraints, it is pretty crufty.  Lose the "acid_ag_alert" lines
> > if
> > > you are not using Acid.
> >
> > Thanks for the script David!
> >
> > There's one thing I don't understand. After running the script, Acid
> > cache contains just as many events as it did before I ran the script.
> > Acid application cache status says:
> >
> >       Total Events: 504
> >       Cached Events: 1827
> >
> > Updating the alert cache has no effect. Is the cache purged
> > automatically after some time or do I have to do something about it
> > myself?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users