Snort mailing list archives
Re: BASE/AAnval MySQL dbase management
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 22 Apr 2006 08:25:16 -0500
--On April 20, 2006 9:59:19 AM -0400 John Hally <JHally () epnet com> wrote:
I have written a perl script that archives the db based upon your choice of length of time (I use 7 days.) I just completed a php script that allows you to delete all the alerts from a single IP. I'll be releasing it in the near future, after I've done some cleanup and documented it better.I'm curious as to how people are managing the mysql backend data that snort reports. I've been mulling over adding syslog entries to the mix, but with the amount of denies I see at the borders/firewalls, the database is going to get unwieldy pretty fast. Not being a DBA but knowing enough to get things up and running, is there any 'canned' scripts out there to help me out? I'm thinking along the lines of possibly archiving daily/weekly, having the dbase drop entries older than X, or something to that effect.
You can find the archive script in the downloads section at http://www.ntsug.org/.
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/
Attachment:
_bin
Description:
Current thread:
- BASE/AAnval MySQL dbase management John Hally (Apr 20)
- Re: BASE/AAnval MySQL dbase management Paul Schmehl (Apr 22)
- <Possible follow-ups>
- RE: BASE/AAnval MySQL dbase management Irons, Clarence (Apr 20)
- RE: BASE/AAnval MySQL dbase management Administration (Apr 22)