[Snort-users] Trimming/Archiving Snort Data from a MYSQL Db. (How do you do it?)
wlmarque at ...8...
Fri Oct 27 17:56:31 EDT 2000
The next release of ACID will have an option to remove database entries. Roman
has put quite a few new features into it and it's working really nicely. I
suspect he's been busy as of late as I haven't seen him on the lists recently.
Nevertheless, an automated way of archiving the db would be nice.
From: "box.inter-tel.net" <chris at ...714...> on 10/27/2000 04:30 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Trimming/Archiving Snort Data from a MYSQL Db. (How do you do it?)
Recently decided to give ACID v0.9.4 (of the AirCERT project) a try after
hearing it mentioned at the Monterey SANS conf. It requires that you use
the database plugin for snort, so I ran right off and built a mysql
For those of you unaware of what ACID http://www.cert.org/kb/acid is, it is
a nice little set of php scripts that gives you web access to some stats on,
and access to, the data that gets pumped into your mysql database by snort.
Lots of potential here, but after only a few days of a few sensors pointing
at my database, my disk space began to disappear rapidly. Now, I know how
to handle my familiar old flat file logs when space gets tight, but not
being terribly adept in the database world, and hating to throw anything
away, I have had to leave this beast to grow unchecked. My guess is you
"trim" the data and archive the cuttings off somewhere. Anyone have a
solution for this already? Or give me an idea of how I might go about this?
Some magical SQL statement? It's getting really big.
I realize this is more of a mysql than a snort question, but my guess is
some of you have dealt with this already, or will be dealing with it soon.
Any advice or insight would be appreciated.
(Nice job at Monterey, SANS, Martin)
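Below is an added example of the "trim and archive the cuttings" approach the question asks about. It is not from either poster, not from ACID, and not a script shipped with snort. It assumes the layout of the snort database plugin's create_mysql script: an `event` table keyed by (sid, cid) and detail tables (`iphdr`, `tcphdr`, `data`, and in the real schema also `udphdr`, `icmphdr`, `opt`) keyed by the same pair, with only a subset of their columns reproduced here. The sensor rows, cid numbering, signatures and timestamps are constructed so the script runs offline, with sqlite3 standing in for MySQL through the same DB-API calls. The SQL deliberately avoids subqueries and multi-table DELETE, neither of which the MySQL 3.23 of 2000 had, by computing a per-sensor cid boundary first.

```python
"""Archive-then-trim for a Snort database (added demo; schema is assumed).

Rows older than a cutoff are copied into <table>_archive and then deleted
from the live tables.  Per sensor (sid) the newest cid older than the cutoff
is found first; because cid is assigned sequentially as the sensor logs,
"cid <= boundary" selects exactly the old rows and every table can be
handled with a plain `sid = ? AND cid <= ?` clause (no subqueries, no
multi-table DELETE, so it also fits MySQL 3.23).
"""
import sqlite3

# Detail tables hanging off `event` via (sid, cid).  Assumed to match the
# database plugin's create_mysql script; check your own schema and add the
# rest (udphdr, icmphdr, opt, ...) before running it for real.
DETAIL_TABLES = ("iphdr", "tcphdr", "data")

# Constructed sample: two sensors, cid increasing per sensor with time.
SAMPLE_EVENTS = [
    # sid, cid, signature, timestamp (DATETIME text as MySQL stores it)
    (1, 1, "ICMP PING NMAP", "2000-10-01 08:00:00"),
    (1, 2, "WEB-MISC /etc/passwd", "2000-10-10 12:30:00"),
    (1, 3, "SCAN nmap TCP", "2000-10-19 23:59:59"),
    (1, 4, "WEB-MISC cmd.exe", "2000-10-25 09:15:00"),
    (1, 5, "ICMP PING NMAP", "2000-10-27 16:00:00"),
    (2, 1, "SCAN nmap TCP", "2000-10-15 04:00:00"),
    (2, 2, "WEB-MISC cmd.exe", "2000-10-26 20:45:00"),
    (2, 3, "SCAN nmap TCP", "2000-10-27 17:00:00"),
]


def build_demo_db():
    """Create live tables, empty archive tables and the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (sid INTEGER, cid INTEGER, signature TEXT,"
               " timestamp TEXT, PRIMARY KEY (sid, cid))")
    db.execute("CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER,"
               " ip_dst INTEGER, PRIMARY KEY (sid, cid))")
    db.execute("CREATE TABLE tcphdr (sid INTEGER, cid INTEGER, tcp_sport INTEGER,"
               " tcp_dport INTEGER, PRIMARY KEY (sid, cid))")
    db.execute("CREATE TABLE data (sid INTEGER, cid INTEGER, data_payload TEXT,"
               " PRIMARY KEY (sid, cid))")
    # Same columns, zero rows; CREATE TABLE ... SELECT works in MySQL 3.23 too.
    for t in ("event",) + DETAIL_TABLES:
        db.execute(f"CREATE TABLE {t}_archive AS SELECT * FROM {t} WHERE 0")
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", SAMPLE_EVENTS)
    for sid, cid, sig, _ in SAMPLE_EVENTS:
        db.execute("INSERT INTO iphdr VALUES (?, ?, ?, ?)",
                   (sid, cid, 0x0A000001, 0x0A000002))
        if sig.startswith("WEB"):  # only the web hits carry TCP + payload rows
            db.execute("INSERT INTO tcphdr VALUES (?, ?, ?, ?)",
                       (sid, cid, 40000 + cid, 80))
            db.execute("INSERT INTO data VALUES (?, ?, ?)",
                       (sid, cid, "GET /%s" % sig))
    db.commit()
    return db


def archive_before(db, cutoff):
    """Move events with timestamp < cutoff (and their detail rows) into the
    *_archive tables.  Returns the number of events moved."""
    moved = 0
    sids = [r[0] for r in db.execute("SELECT DISTINCT sid FROM event")]
    for sid in sids:
        boundary = db.execute(
            "SELECT MAX(cid) FROM event WHERE sid = ? AND timestamp < ?",
            (sid, cutoff)).fetchone()[0]
        if boundary is None:
            continue  # nothing old enough on this sensor
        # Detail tables first, event last: if the run dies halfway the event
        # row is still in the live table, so the next run finds the same
        # boundary and finishes the job.
        for t in DETAIL_TABLES + ("event",):
            db.execute(f"INSERT INTO {t}_archive SELECT * FROM {t}"
                       f" WHERE sid = ? AND cid <= ?", (sid, boundary))
            cur = db.execute(f"DELETE FROM {t} WHERE sid = ? AND cid <= ?",
                             (sid, boundary))
            if t == "event":
                moved += cur.rowcount
    db.commit()
    return moved


def row_counts(db):
    """Live and archive row counts per table, to check what the trim did."""
    out = {}
    for t in ("event",) + DETAIL_TABLES:
        for name in (t, t + "_archive"):
            out[name] = db.execute(f"SELECT COUNT(*) FROM {name}").fetchone()[0]
    return out


if __name__ == "__main__":
    db = build_demo_db()
    print("before:", row_counts(db))
    print("moved %d events" % archive_before(db, "2000-10-20 00:00:00"))
    print("after: ", row_counts(db))
```

To point this at a real snort database, replace `sqlite3.connect` with a MySQLdb connection and change the `?` placeholders to that driver's `%s` style; the statements themselves are plain SQL. Two MySQL-specific points a practitioner should know: with MyISAM tables there is no transaction around the INSERT/DELETE pair, so a crash between the two can leave a duplicate in the archive (a unique index on (sid, cid) in each archive table turns that into a harmless error on re-run), and deleting rows does not give the disk space back until `OPTIMIZE TABLE` is run on the trimmed tables. Once the archive tables hold what you want to keep, `mysqldump` them to a compressed flat file, much like rotating the old text logs, and empty them. The cid-boundary shortcut assumes a sensor's cid order matches its timestamp order, which breaks if a sensor's clock is stepped backwards; if that can happen, select the old (sid, cid) pairs explicitly instead.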