Snort mailing list archives
RE: MySQL Log rotate
From: "Jyri Hovila" <jyri.hovila () iki fi>
Date: Mon, 10 Sep 2001 18:56:28 +0300
Hi!
Ah. The acid_event table got added in 0.9.6b13, and I have been
running
0.9.6b12. It appears all you will need to do is add a couple of
lines:
$dbh->prepare("DELETE FROM acid_event WHERE sid = ? AND cid = ?"), and $dbh->do("OPTIMIZE TABLE acid_event"); I haven't tested this, so use at your own risk.
Works perfectly! Thank you! =) Here's the updated script -- in case someone finds this message from an archive some day in the distant future and won't be able to find the original script... ;) Cheers! - Jyri ------------------------------begin snortate.pl------------------------------ #!/usr/bin/perl use DBI; my $dbh = DBI->connect("DBI:mysql:database=snort:host=localhost", "acid", "BMc,39LLwfdhYkmk") or die "Can't connect: $DBI::errstr\n"; my @deletes = ( $dbh->prepare("DELETE FROM data WHERE sid = ? AND cid = ?"), $dbh->prepare("DELETE FROM icmphdr WHERE sid = ? AND cid = ?"), $dbh->prepare("DELETE FROM udphdr WHERE sid = ? AND cid = ?"), $dbh->prepare("DELETE FROM tcphdr WHERE sid = ? AND cid = ?"), $dbh->prepare("DELETE FROM iphdr WHERE sid = ? AND cid = ?"), $dbh->prepare("DELETE FROM opt WHERE sid = ? AND cid = ?"), $dbh->prepare("DELETE FROM acid_ag_alert WHERE ag_sid = ? AND ag_cid = ?"), $dbh->prepare("DELETE FROM acid_event WHERE sid = ? AND cid = ?"), $dbh->prepare("DELETE FROM event WHERE sid = ? AND cid = ?")); my $sth = $dbh->prepare("SELECT sid,cid FROM event WHERE timestamp < ( NOW() - INTERVAL 0 DAY ) "); my ($sid, $cid); $sth->execute(); $sth->bind_columns(undef, \$sid, \$cid); my $count = 0; while (my $ref = $sth->fetch) { $count++; foreach my $delete (@deletes) { $delete->execute($sid, $cid); } } if ($count) { $dbh->do("OPTIMIZE TABLE data"); $dbh->do("OPTIMIZE TABLE icmphdr"); $dbh->do("OPTIMIZE TABLE udphdr"); $dbh->do("OPTIMIZE TABLE tcphdr"); $dbh->do("OPTIMIZE TABLE iphdr"); $dbh->do("OPTIMIZE TABLE opt"); $dbh->do("OPTIMIZE TABLE acid_ag_alert"); $dbh->do("OPTIMIZE TABLE acid_event"); $dbh->do("OPTIMIZE TABLE event"); } $dbh->disconnect or warn "Disconnect failed: $DBI::errstr\n"; ------------------------------end snortate.pl------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- MySQL Log rotate adrian.hobbs (Sep 03)
- Re: MySQL Log rotate David Gadbois (Sep 05)
- RE: MySQL Log rotate Jyri Hovila (Sep 10)
- <Possible follow-ups>
- RE: MySQL Log rotate roman (Sep 10)
- Re: MySQL Log rotate David Gadbois (Sep 10)
- RE: MySQL Log rotate Jyri Hovila (Sep 10)
- FW: MySQL Log rotate Jyri Hovila (Sep 10)
- Re: MySQL Log rotate David Gadbois (Sep 05)