Snort mailing list archives
Re: SQL command to clear out the snort database
From: John <strgout () unixjunkie com>
Date: Mon, 18 Oct 2004 11:52:04 -0500
On Fri, Oct 15, 2004 at 03:15:24PM -0500, Pat Delaney wrote:
The database on my snort server is huge, I'm looking for an SQL command to clear it out, rather than using the webpage ACID front end. Any thoughts? Pat
Here is a small perl script i put together for deleting everything from the DB.
I used this because i needed to whack the snort DB over and over while getting
my snort install to the point i wanted it at. It does not delete the tables needed
to have a correct snort db setup. (schema, detail and encoding)
BTW this is MySQL specific.
You will need, perl, DBI and DBD-mysql (All perl stuff).
What ever file name you use make sure to use 700 for perms!
#!/usr/local/bin/perl
use DBI;
use strict;
my $server = 'IPOFSERVER';
my $port = '3306';
my $user = 'ADMINUSER';
my $passwd = 'ADMINPASSWD';
my $db = 'NAMEOFDATABASE';
my $dbh = DBI->connect('DBI:mysql:database='.$currentdb .
';host=' . $server .
';port=' . $port ,
$user, $passwd, {RaiseError => 1}) or
die "Unable able to connect: $DBI::errstr\n";
# Any table you don't want cleared remove from this list.
my @tables = qw(acid_ag acid_ag_alert acid_event acid_ip_cache
data event icmphdr iphdr opt reference reference_system
sensor sig_class sig_reference signature tcphdr udphdr);
foreach (@tables) {
$dbh->do( 'TRUNCATE TABLE`' . $_ . '`' );
}
$dbh->disconnect;
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SQL command to clear out the snort database Pat Delaney (Oct 15)
- Re: SQL command to clear out the snort database John (Oct 18)
- <Possible follow-ups>
- RE: SQL command to clear out the snort database Botwick, Jason (Genworth, Contractor) (Oct 15)
- Re: SQL command to clear out the snort database Nick Hatch (Oct 15)
- RE: SQL command to clear out the snort database Michael Steele (Oct 15)
- Re: SQL command to clear out the snort database Nick Hatch (Oct 15)
- RE: SQL command to clear out the snort database Lance Boon (Oct 15)
- Re: SQL command to clear out the snort database Shawn Kottke (Oct 15)
- RE: SQL command to clear out the snort database Michael Steele (Oct 15)
- RE: SQL command to clear out the snort database Friesz, Ross (Oct 18)