Snort mailing list archives
RE: Archiving the archive
From: "McPheeters, Scott" <smcpheeters () fnms-indy com>
Date: Thu, 13 Feb 2003 14:07:22 -0500
You would need to use the schema to move all the records over to a new database.

    select * from sometable into newtable              -- will insert and create table
    insert into anothertable select * from sometable   -- will insert into an already created table

Scott

-----Original Message-----
From: Bob Dehnhardt [mailto:bob.dehnhardt () trinet com]
Sent: Thursday, February 13, 2003 1:32 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Archiving the archive

This might be somewhat off-topic, so send the penalty drinks my way (double them up, it's been one of those weeks).....

I'm using Snort 1.9, Red Hat 7.3, ACID 0.9.23b, and MySQL 3.23.54. I process alerts from the snort db, and move the alerts to snort_archive when they've been checked out. The snort db stays very manageable, but I want to manage the archive a little better.

I have a dream of splitting out my archive into separate databases, one per month, named something like "2002_10_snort_archive". This, I figure, will speed up the response time of archive searches, and let me easily move the old archives to CD-R when I don't need them on the server any more. Yeah, I know, ACID only accesses one database at a time, so this will make the archives harder to search. One mess at a time....

In typical pointy-haired-manager style, I have this great (to my mind) idea, but not the slightest idea of how to implement it. I started reading through the MySQL docs, and got as far as

    SELECT t1.cid, t1.sid FROM acid_event AS t1 WHERE left(t1.timestamp,7) = '2002-10';

and then I got completely stuck. This gave me a list of cids and sids from last October, just like I wanted, which I figure I need to use as an index to select the rest of the data for extraction. But HOW do I use that to extract the rest of the data, and insert it into a new database?

Can anyone point me in the right direction?

Thanks.
- Bob

Bob Dehnhardt
IT Operations Manager - Reno
TriNet
(775) 327-6407

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
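
One way to do the per-month split asked about above, using the "insert into ... select" form from the reply (an added example, not written by either poster). It assumes the standard Snort schema table names (sensor, signature, event, iphdr, tcphdr, udphdr, icmphdr, opt, data), that snort_archive uses that schema, and that the database `2002_10_snort_archive` has already been created and loaded with the same empty schema.

```sql
-- Added example. Database and table names are assumptions (see lead-in).
-- Uses joins only, no subqueries, to suit older MySQL releases.

-- Lookup tables are small: copy them whole so the sensor and signature
-- ids stored in the month's events still resolve in the new database.
-- Do the same for any other lookup tables your schema version has.
INSERT INTO `2002_10_snort_archive`.sensor
SELECT * FROM snort_archive.sensor;
INSERT INTO `2002_10_snort_archive`.signature
SELECT * FROM snort_archive.signature;

-- Driver table: one row per alert, keyed on (sid, cid).
-- A range on the column itself can use an index on timestamp;
-- LEFT(timestamp, 7) = '2002-10' forces a scan of every row.
INSERT INTO `2002_10_snort_archive`.event
SELECT * FROM snort_archive.event
WHERE timestamp >= '2002-10-01 00:00:00'
  AND timestamp <  '2002-11-01 00:00:00';

-- Child tables carry no timestamp, so select their rows by joining
-- back to event on (sid, cid). Repeat this statement unchanged for
-- tcphdr, udphdr, icmphdr, opt and data.
INSERT INTO `2002_10_snort_archive`.iphdr
SELECT h.*
FROM snort_archive.iphdr AS h, snort_archive.event AS e
WHERE h.sid = e.sid AND h.cid = e.cid
  AND e.timestamp >= '2002-10-01 00:00:00'
  AND e.timestamp <  '2002-11-01 00:00:00';

-- Check before removing anything from snort_archive:
-- the two counts must match.
SELECT COUNT(*) FROM snort_archive.event
WHERE timestamp >= '2002-10-01 00:00:00'
  AND timestamp <  '2002-11-01 00:00:00';
SELECT COUNT(*) FROM `2002_10_snort_archive`.event;
```
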
Current thread:
- Archiving the archive Bob Dehnhardt (Feb 13)
- Re: Archiving the archive Ken Gunderson (Feb 13)
- Re: Archiving the archive Ken Gunderson (Feb 13)
- <Possible follow-ups>
- RE: Archiving the archive McPheeters, Scott (Feb 13)
- Re: Archiving the archive Ken Gunderson (Feb 13)