Snort mailing list archives

Re: SQL to purge alerts over 1 month old?


From: "Terry Burton" <tez () terryburton co uk>
Date: Tue, 26 Feb 2008 10:44:29 +0000

On Mon, Feb 4, 2008 at 2:14 PM, Michael W Cocke <cocke () catherders com> wrote:
> The subject line pretty much says it - I'm medium fair at SQL, but I'm
> not seeing this; Anyone know the syntax to flush alerts older than
> one month from the alerts DB (MySQL if it matters)?

Hi Mike,

I've only just caught up with this thread. Archive plus looks very
useful and I might try it myself some time.

If you are looking for something a bit simpler then the following SQL
might be of interest:

http://www.terryburton.co.uk/blog/2007/09/deleting-old-snort-and-base-event-data.html

It purges the event table of old events, removes all of the entries
from referring tables that have been orphaned and finally optimises
the tables. It will leave things clean.

I have been successfully using this in a nightly cron job for about a year now.


Hope this helps,

Tez
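The three-step purge Tez describes (delete old events, remove orphaned rows from the referring tables, optimise), written out as an added example. This is not the SQL from the linked blog post or from the Snort/BASE project; it assumes the stock Snort database schema (tables event, iphdr, tcphdr, udphdr, icmphdr, opt, data keyed by sid and cid) plus the BASE tables acid_event and acid_ag_alert, MySQL syntax, and a one-month retention window. Adjust the table list and interval to your own schema.

```sql
-- Added example: purge Snort/BASE alert data older than one month (MySQL).
-- Assumes the standard Snort schema plus BASE's acid_event / acid_ag_alert
-- tables; the retention interval and the table list are assumptions.

-- 1. Delete old rows from the event table. Every per-packet table
--    references event through the (sid, cid) pair.
DELETE FROM event
 WHERE timestamp < DATE_SUB(NOW(), INTERVAL 1 MONTH);

-- BASE keeps its own denormalised copy of event with its own timestamp,
-- so purge it with the same cut-off.
DELETE FROM acid_event
 WHERE timestamp < DATE_SUB(NOW(), INTERVAL 1 MONTH);

-- 2. Remove rows in the referring tables whose parent event is gone.
--    A multi-table DELETE with a LEFT JOIN touches only the orphans:
--    event.cid is NOT NULL, so a NULL after the join means no parent row.
DELETE iphdr FROM iphdr
  LEFT JOIN event ON event.sid = iphdr.sid AND event.cid = iphdr.cid
 WHERE event.cid IS NULL;

DELETE tcphdr FROM tcphdr
  LEFT JOIN event ON event.sid = tcphdr.sid AND event.cid = tcphdr.cid
 WHERE event.cid IS NULL;

DELETE udphdr FROM udphdr
  LEFT JOIN event ON event.sid = udphdr.sid AND event.cid = udphdr.cid
 WHERE event.cid IS NULL;

DELETE icmphdr FROM icmphdr
  LEFT JOIN event ON event.sid = icmphdr.sid AND event.cid = icmphdr.cid
 WHERE event.cid IS NULL;

DELETE opt FROM opt
  LEFT JOIN event ON event.sid = opt.sid AND event.cid = opt.cid
 WHERE event.cid IS NULL;

DELETE data FROM data
  LEFT JOIN event ON event.sid = data.sid AND event.cid = data.cid
 WHERE event.cid IS NULL;

-- BASE alert-group membership uses ag_sid / ag_cid as its event reference.
DELETE acid_ag_alert FROM acid_ag_alert
  LEFT JOIN event ON event.sid = acid_ag_alert.ag_sid
                 AND event.cid = acid_ag_alert.ag_cid
 WHERE event.cid IS NULL;

-- 3. Reclaim the freed space and rebuild the indexes.
OPTIMIZE TABLE event, acid_event, iphdr, tcphdr, udphdr, icmphdr,
               opt, data, acid_ag_alert;
```

Two practical notes for running this from cron. On a busy sensor the first DELETE can lock the event table for a long time on MyISAM; deleting in slices (`DELETE FROM event WHERE timestamp < ... ORDER BY timestamp LIMIT 10000` repeated until no rows are affected) keeps Snort's inserts flowing. And the job should run as a dedicated MySQL user granted only DELETE on these tables (plus SELECT for the joins), not as the account Snort logs with or as root, so a mistake in the script or a compromised cron host cannot do more than purge alerts.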

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net