Snort mailing list archives

Over 1 Million records in ACID.....


From: "Ghercoias, Catalin" <CGhercoias () TWEC COM>
Date: Thu, 27 Mar 2003 14:06:12 -0500

Hi,

I have over 1 (one) million records in ACID under one of the
classifications.

< Classification >      < Total >       < Sensor# >  < Signatures >  < Src.Addr. >  < Dest.Addr. >
non-standard-protocol   1176682(73%)    1            1               5331           5174

This is due to the fact that I turned on the rule "sid: 1620; rev: 3; msg:
"BAD TRAFFIC Non-Standard IP protocol"; ip_proto: !89; classtype:
non-standard-protocol;)". Big mistake!!!!!

Now that I've learned from this mistake, how can I get rid of these records?
Trying to delete them from the ACID console won't work. I also tried MySQL
ControlCenter (for Windows, it is true), but it is still not working and
sometimes crashes, although I have increased the values of
'max_script_runtime=1800' in acid_php.conf, and 'max_execution_time=1800'
and memory_limit=128M (it was 8M) in php.ini.

I must say that MySQL and ACID are running on a dual-processor Pentium
III @ 800 MHz with two hard drives of
32 gigabytes ULTRA3-SCSI mirrored (RAID 0) and 1 gigabyte of RAM.
This box is running RedHat Linux 7.3, MySQL 4.0, ACID, Apache 1.3.27. The
snort agents are running on separate machines.
With all this, when trying to access/delete in ACID it takes minutes until
something loads in the browser.

Thank you very much in advance,

Catalin Ghercoias.

