[Snort-users] archiving mysql

Fraser Hugh hugh_fraser at ...2804...
Wed Sep 5 06:36:07 EDT 2001


You can select events by any criteria you want, and archive the results of
the query (either a move or a copy). The archive can also be on a different
machine if (as is my case) disk space becomes an issue.

> -----Original Message-----
> From:	Jacob Killian [SMTP:jacob at ...3217...]
> Sent:	Tuesday, September 04, 2001 2:57 PM
> To:	roman at ...438...
> Cc:	snort-users at lists.sourceforge.net
> Subject:	Re: [Snort-users] archiving mysql
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I do have a very recent version of ACID.
> 
> Can I query all alerts before Sept. 1st, and archive them as a group, or
> do I 
> need to go through each individual alert?
> 
> Thanks!
> Jacob
> 
> On Tuesday 04 September 2001 01:39 am, roman at ...438... wrote:
> > If you have a fairly current version of ACID, this archiving
> functionality
> > is already provided as an alert action.
> >
> > Roman
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hello-
> > >
> > > Does anyone have any recommendations for archiving the snort db in
> mysql?
> > > I'm running snort with acid, and the mysql database is getting too
> large
> > > to handle.
> > >
> > > I'm tempted to go tar everything up and start with empty tables, but
> I'd
> > > like advice first.
> > >
> > > Thanks!
> > >
> > > - --
> > > Jacob Killian
> > > System Administrator
> > > PGTC Internet
> > >
> > > jacob at ...3217...
> > > http://www.pgtc.com
> > > 501-846-7245
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.0.6 (GNU/Linux)
> > > Comment: For info see http://www.gnupg.org
> > >
> > > iD8DBQE7lRcmVNUHoXz2/TkRAodzAJ4gFqbQQD1oIWRE4H8W1YUShxU92QCfbZBN
> > > 38XAA3FUA94uTXJ+kjkwDN0=
> > > =MxTI
> > > -----END PGP SIGNATURE-----
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > ---------------------------------------------
> > This message was sent using Voicenet WebMail.
> >       http://www.voicenet.com/webmail/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE7lSPsVNUHoXz2/TkRAkoiAJ4u1XIzUYmuzWaJVqHCB9VRjn4YtACeOQWu
> 1EwISg/u8Tb/KAHOunjc6Rw=
> =/k9Q
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list