Re: Snort/ACID Database Cleanup

[Mark Rowlands <mark.rowlands () minmail net>]

> > -----Original Message-----
> > From: krista l merrill [mailto:kmerr001 () cs fiu edu]
> > Sent: Friday, April 12, 2002 3:06 PM
> > To: snort-users () lists sourceforge net
> > Subject: [Snort-users] Snort/ACID Database Cleanup
> >
> >
> >
> > Does anyone know of any MySQL-specific Snort/ACID database cleanup
> > scripts?  I'd like to delete alerts after a certain number of days.

well as a starting point 

http://archives.neohapsis.com/archives/snort/2001-10/0329.html

but why not use the built in archive function?

http://www.andrew.cmu.edu/~rdanyliw/snort/acid_archive_instruct.html

On Saturday 13 April 2002 5:44 am, Ronneil Camara wrote:
> You can use Perl, DBI, DBD.
>
> All you have to do is do a delete from tablename where date is likethis.
> You must also execute flush privileges after that.
>
> This is a good question btw. I've got a follow-up question now though
> I can answer it myself, I don't want to scrutinize acid code. 

So somebody else should on your behalf?  ;-)

> What are the tables that I need to clean, is it just events? What about     
> data?

no,  there are a number of related tables. see 

http://www.andrew.cmu.edu/~rdanyliw/snort/acid_db_er_v102.html


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users