[Snort-users] data table full in MYSQL
roman at ...438...
Tue Oct 16 10:36:22 EDT 2001
A couple of clarifications:

- If you deleted events from the database manually, make sure to delete
  the corresponding information from all tables (i.e. event, iphdr,
  tcphdr/icmphdr/udphdr, data, opt). Otherwise, the database will be left
  in an inconsistent state.
- The event cache does not store any data on the packet payload.

Assuming you have deleted a number of alerts from the database without
using ACID, the cache will need to be rebuilt. Issue the following
command from the mysql command line:

    mysql> DELETE FROM acid_event;

This command will delete the entire cache. To recreate it, use the
maintenance page or simply enable auto-updating of the event cache.

On Tue, 16 Oct 2001, Reeves, Michael (GEAE, Compaq) wrote:
> database: mysql_error: The table 'data' is full
> my data.MYD is 4.2 gigs :) I killed a bunch of events from the acid
> but no dice. It looks like it is pulling them into cache but not
> them from the data.myd directory. The user has full rights over the
> Also when I go into cache and status it says there are 300,000+ alerts
> only 56000 cached events. I update the alert cache and it says 0 alerts
> added. I am not sure of how the process works. Should I wipe the DB and
> start over?
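
The cleanup described in the reply above, as an added example that is not part of the original message or of the ACID/Snort distribution. It assumes the stock Snort MySQL schema, in which every per-packet table is keyed by (sid, cid) with `event` as the parent, and a MySQL version that supports multi-table DELETE (4.0 or later).

```sql
-- Added example. Assumption: event, iphdr, tcphdr, udphdr, icmphdr, opt and
-- data all carry the (sid, cid) pair that identifies one alert.

-- 1. See how many payload rows no longer have a parent event, i.e. how much
--    of the `data` table was left behind by a manual delete from `event`.
SELECT COUNT(*) AS orphaned_payloads
FROM `data` AS d
LEFT JOIN `event` AS e ON e.sid = d.sid AND e.cid = d.cid
WHERE e.cid IS NULL;

-- 2. Remove the orphans from every child table so the database is
--    consistent again. Each statement keeps rows that still match an event.
DELETE d FROM `data` AS d
LEFT JOIN `event` AS e ON e.sid = d.sid AND e.cid = d.cid
WHERE e.cid IS NULL;

DELETE o FROM `opt` AS o
LEFT JOIN `event` AS e ON e.sid = o.sid AND e.cid = o.cid
WHERE e.cid IS NULL;

DELETE t FROM `tcphdr` AS t
LEFT JOIN `event` AS e ON e.sid = t.sid AND e.cid = t.cid
WHERE e.cid IS NULL;

DELETE u FROM `udphdr` AS u
LEFT JOIN `event` AS e ON e.sid = u.sid AND e.cid = u.cid
WHERE e.cid IS NULL;

DELETE i FROM `icmphdr` AS i
LEFT JOIN `event` AS e ON e.sid = i.sid AND e.cid = i.cid
WHERE e.cid IS NULL;

DELETE h FROM `iphdr` AS h
LEFT JOIN `event` AS e ON e.sid = h.sid AND e.cid = h.cid
WHERE e.cid IS NULL;

-- 3. Drop the ACID event cache (the command from the reply); rebuild it
--    afterwards from the maintenance page or via cache auto-updating.
DELETE FROM acid_event;

-- 4. On MyISAM, deleted rows leave holes and data.MYD does not shrink on
--    its own; OPTIMIZE TABLE rewrites the file and reclaims the space.
OPTIMIZE TABLE `data`;
```

Run step 1 first and compare the count with what you expect to have deleted before running the DELETE statements.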