[Snort-users] MySQL Log rotate

roman at ...438... roman at ...438...
Mon Sep 10 07:18:05 EDT 2001


The ACID event cache does _not_ get purged periodically.  If you have a   
script which removes an alert from the database be sure to also delete    
the associated alert information from the acid_event table.                               
          
cheers,
Roman  

On Mon, 10 Sep 2001, Jyri Hovila wrote:

> Hi!
> 
> >> How so I rotate the logs in MySQL? Is the best way to just delete the
> rows
> >> in the event table? What if I want to archive the information?
> 
> > I figure old events are not worth keeping around.  I have attached a
> > Perl script I use to delete events over 30 days old.  It works with
> the
> > version 103 schema.  Since MySQL does not have nested queries or
> foreign
> > key constraints, it is pretty crufty.  Lose the "acid_ag_alert" lines
> if
> > you are not using Acid.
> 
> Thanks for the script David!
> 
> There's one thing I don't understand. After running the script, Acid
> cache contains just as many events as it did before I ran the script.
> Acid application cache status says: 
> 
> 	Total Events: 504
> 	Cached Events: 1827
> 
> Updating the alert cache has no effect. Is the cache purged
> automatically after some time or do I have to do something about it
> myself?
> 
> Thanks! =)
> 
> - Jyri
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list