[Snort-users] manual access to ACID databases

Jones, Benny Ben at ...32...
Wed Oct 10 06:50:07 EDT 2001


Recent Nimda shenanigans have apparently overloaded my
ACID database with 10s of thousands (probably a few
hundred thousand) alerts that I don't want.  The initial
ACID display doesn't come up (the mysqld process simply
chugs away for over an hour).

I'd like to go into the mysql database and use SQL to
delete the records manually, but I'm concerned that
I'll leave the database equivalent of broken links around
if I make a mistake.

Has anyone else successfully dealt with something like this?
If manual access is an option, what is the command to use to
get rid of, say, all alerts with "outgoing admin.dll" in them?
Or, maybe I've got something misconfigured.  Any advice would
be appreciated.  

TIA

Benny