Snort mailing list archives
Re: Snorting ACID and DB maintenance
From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Tue, 27 Aug 2002 10:56:55 -0400
I have an example tool on how to do this on my web site
http://www.dirk.demon.co.uk/utils/

The current version of mysql is a little limited on how you can do deletes, so you have to bend it a little to get it to work. Have a look at my util for doing archiving.

Ian

----- Original Message -----
From: "Randy Bey" <Randy.Bey () rivernorthsys com>
To: <snort-users () lists sourceforge net>
Sent: Friday, August 23, 2002 11:21 AM
Subject: [Snort-users] Snorting ACID and DB maintenance

Hey Now,

I have ACID installed and lo and behold, less than a day and 1000 events in both 'event' and 'acid_event' tables. By my modest predictions, this will be a !#@$&! of data toot sweet.

Other than going into ACID and manually selecting false positives and deleting them, are there other thoughts on how to keep from choking on the DB size?

Not sure if this is an ACID question or a MYSQL question. Probably more MYSQL, although I know even less about MYSQL than I do about ACID after a whole day of experimentation.

Such as,
1) Can I limit the size of the MYSQL database?
2) Can I do something as bone simple as 'delete from (event, acid_event) where timestamp < "some timestamp";'?

Any ideas or good general practices out there?

Randy Bey
RiverNorth Systems
7300 W 147th St Suite 300
Apple Valley, MN 55124
http://www.rivernorthsys.com
-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
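An added example, not part of the messages above and not the tool linked in the reply: age-based pruning of 'event' and 'acid_event' done as a key lookup followed by plain single-table deletes, which avoids the multi-table DELETE the question asks about. Assumptions: Python's sqlite3 stands in for MySQL, the schema is reduced to the (sid, cid) key plus timestamp with a subset of the keyed tables, the rows are constructed, and `make_sample_db`, `prune_events` and `count` are hypothetical names.

```python
import sqlite3

# Tables keyed by (sid, cid) in the Snort/ACID schema; columns are reduced
# here to what pruning needs (constructed, simplified schema).
KEYED_TABLES = ["iphdr", "tcphdr", "data", "acid_event", "event"]

def make_sample_db():
    """Build an in-memory stand-in database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    for t in KEYED_TABLES:
        extra = ", timestamp TEXT" if t in ("event", "acid_event") else ""
        db.execute(f"CREATE TABLE {t} (sid INT, cid INT{extra}, PRIMARY KEY (sid, cid))")
    rows = [(1, 1, "2002-08-20 09:00:00"), (1, 2, "2002-08-22 17:30:00"),
            (1, 3, "2002-08-26 08:15:00")]
    for sid, cid, ts in rows:
        for t in KEYED_TABLES:
            if t in ("event", "acid_event"):
                db.execute(f"INSERT INTO {t} VALUES (?, ?, ?)", (sid, cid, ts))
            else:
                db.execute(f"INSERT INTO {t} VALUES (?, ?)", (sid, cid))
    return db

def prune_events(db, cutoff):
    """Delete every alert older than cutoff from all keyed tables.

    Step 1 collects the (sid, cid) keys from event; step 2 issues plain
    single-table deletes by key, child tables first and event last, so
    no multi-table DELETE or subquery is required. In this stand-in one
    transaction keeps the tables consistent if anything fails midway.
    """
    keys = db.execute("SELECT sid, cid FROM event WHERE timestamp < ?", (cutoff,)).fetchall()
    with db:  # commit on success, roll back on error
        for t in KEYED_TABLES:  # event is last in the list
            db.executemany(f"DELETE FROM {t} WHERE sid = ? AND cid = ?", keys)
    return len(keys)

def count(db, table):
    """Row count for one table, used to check the result of a prune."""
    return db.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]

if __name__ == "__main__":
    db = make_sample_db()
    print("pruned", prune_events(db, "2002-08-23 00:00:00"))
    print({t: count(db, t) for t in KEYED_TABLES})
```

Deleting from 'event' alone would leave header and payload rows behind for alerts that no longer exist, which is why the keys are collected first and applied to every keyed table.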
Current thread:
- Snorting ACID and DB maintenance Randy Bey (Aug 23)
- Re: Snorting ACID and DB maintenance Jim Burwell (Aug 23)
- Re: Snorting ACID and DB maintenance Robby (Aug 26)
- Re: Snorting ACID and DB maintenance Ian Macdonald (Aug 27)