Snort mailing list archives

Re: MYSQL database maintenance for Snort


From: Jeff Kell <jeff-kell () utc edu>
Date: Fri, 08 Jul 2005 12:01:33 -0400

Byron Pezan wrote:
> How do you folks maintain your MYSQL databases?  I'm looking for general
> database maintenance advice and scripts to automate the process.  I
> think I'd like to archive anything older than 7 days to keep the
> production database to a manageable and speedy size.  I'm not sure how
> long to keep the archives though.  What do you guys have to say?

There is the archivePlus script (forget where I got it) that I have almost gotten around to trying.  Unless there is some 
magic I haven't discovered yet, you have to manually build the archive database[s] for it, and go through the same 
steps you did in setting up the regular snort database.  I have manually created and use an archive database, but have 
not loaded one yet with archivePlus.

Once you get that started though, you can use the BASE 1.1.3+ to manage things.  You can then use the "actions" option 
of "archive alert (copy)" and "archive alert (move)" to load things into your archive database.  Yes, you can do this 
with ACID too, but the bonus of BASE (IMHO) is it now has a home page option to "Use Archive Database" and presto - 
you're now looking at your archive database with BASE, and the home page option changes to "Use Alert Database" to go 
back to normal.  It's quite nice.

Jeff
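
The 7-day archive step discussed in this thread, sketched in plain MySQL as an added example (not part of the original post, and not the archivePlus or BASE code). It assumes two databases named `snort` and `snort_archive` (hypothetical names), both built from the same Snort MySQL schema script, and that only this script writes to the archive, so ids copied verbatim stay consistent. The cache tables that ACID/BASE maintain are not handled here.

```sql
-- Fix the cutoff once so the copy and the delete select the same events.
SET @cutoff = NOW() - INTERVAL 7 DAY;

-- 1. Lookup tables first, so archived events keep valid sensor/signature ids.
--    INSERT IGNORE skips rows whose primary key is already in the archive.
INSERT IGNORE INTO snort_archive.sensor           SELECT * FROM snort.sensor;
INSERT IGNORE INTO snort_archive.sig_class        SELECT * FROM snort.sig_class;
INSERT IGNORE INTO snort_archive.signature        SELECT * FROM snort.signature;
INSERT IGNORE INTO snort_archive.reference_system SELECT * FROM snort.reference_system;
INSERT IGNORE INTO snort_archive.reference        SELECT * FROM snort.reference;
INSERT IGNORE INTO snort_archive.sig_reference    SELECT * FROM snort.sig_reference;

-- 2. Per-event detail rows, selected through the age of their parent event.
INSERT IGNORE INTO snort_archive.iphdr   SELECT t.* FROM snort.iphdr t
  JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
INSERT IGNORE INTO snort_archive.tcphdr  SELECT t.* FROM snort.tcphdr t
  JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
INSERT IGNORE INTO snort_archive.udphdr  SELECT t.* FROM snort.udphdr t
  JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
INSERT IGNORE INTO snort_archive.icmphdr SELECT t.* FROM snort.icmphdr t
  JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
INSERT IGNORE INTO snort_archive.opt     SELECT t.* FROM snort.opt t
  JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
INSERT IGNORE INTO snort_archive.data    SELECT t.* FROM snort.data t
  JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;

-- 3. The events themselves.
INSERT IGNORE INTO snort_archive.event
  SELECT * FROM snort.event WHERE `timestamp` < @cutoff;

-- 4. Delete detail rows while their parent events still exist to join on,
--    then delete the parent events last.
DELETE t FROM snort.iphdr t   JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
DELETE t FROM snort.tcphdr t  JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
DELETE t FROM snort.udphdr t  JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
DELETE t FROM snort.icmphdr t JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
DELETE t FROM snort.opt t     JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
DELETE t FROM snort.data t    JOIN snort.event e USING (sid, cid) WHERE e.`timestamp` < @cutoff;
DELETE FROM snort.event WHERE `timestamp` < @cutoff;
```

On MyISAM tables these statements are not atomic as a group; compare row counts in `snort_archive.event` against the production count for the same cutoff before running step 4.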


