Snort mailing list archives

RE: Many Events in new SNORT box


From: "Joshua Berry" <jberry () PENSON COM>
Date: Thu, 12 Aug 2004 09:22:59 -0500

The best way to get rid of the data without having to drop and recreate
the database is by doing "truncate table <tablename>" commands for each
table that you need to drop data in.  To get a list of tables, type in
SHOW TABLES;.  Here is a list of tables that you would need to truncate:

acid_ag
acid_ag_alert
acid_event
acid_ip_cache
data
event
icmphdr
iphdr
opt
tcphdr
udphdr

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
Postiglione, Jon
Sent: Wednesday, August 11, 2004 9:25 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Many Events in new SNORT box

Hello,

I just recently configured a new snort box, and before I could set up
the events that I wanted to keep and the ones I wanted to delete I had
over 5 million events (we run a really chatty network). Well, anyway, I
need to delete all of the events in SNORT but it will not let me because
there are too many of them (it times out). I do not know much about
MySQL or SNORT; is there an easy way to delete all of the events
(besides rebuilding the box)?

Thanks from a NewBie!

Regards,

Jon Postiglione

