[Snort-users] MySQL Log rotate
gadbois at ...3338...
Mon Sep 10 08:44:02 EDT 2001
Ah. The acid_event table got added in 0.9.6b13, and I have been running
0.9.6b12. It appears all you will need to do is add a couple of lines:

    $dbh->prepare("DELETE FROM acid_event WHERE sid = ? AND cid = ?"),
    $dbh->do("OPTIMIZE TABLE acid_event");

I haven't tested this, so use at your own risk.
roman at ...438... wrote:
> The ACID event cache does _not_ get purged periodically. If you have a
> script which removes an alert from the database be sure to also delete
> the associated alert information from the acid_event table.
> On Mon, 10 Sep 2001, Jyri Hovila wrote:
> > Hi!
> > >> How do I rotate the logs in MySQL? Is the best way to just delete the
> > >> rows in the event table? What if I want to archive the information?
> > > I figure old events are not worth keeping around. I have attached a
> > > Perl script I use to delete events over 30 days old. It works with the
> > > version 103 schema. Since MySQL does not have nested queries or foreign
> > > key constraints, it is pretty crufty. Lose the "acid_ag_alert" lines if
> > > you are not using Acid.
> > Thanks for the script David!
> > There's one thing I don't understand. After running the script, Acid
> > cache contains just as many events as it did before I ran the script.
> > Acid application cache status says:
> > Total Events: 504
> > Cached Events: 1827
> > Updating the alert cache has no effect. Is the cache purged
> > automatically after some time or do I have to do something about it
> > myself?
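
The point of this thread, as an added example that is not part of the original messages or the attached script: a purge has to remove each alert's (sid, cid) from acid_event as well as event, or the ACID cache keeps rows for alerts that no longer exist. It uses an in-memory SQLite database as a stand-in for MySQL, with two constructed, simplified tables; the `timestamp` column and all function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample: three alerts (one recent), all mirrored in the ACID cache."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE event      (sid INT, cid INT, timestamp TEXT, PRIMARY KEY (sid, cid));
        CREATE TABLE acid_event (sid INT, cid INT, timestamp TEXT, PRIMARY KEY (sid, cid));
    """)
    rows = [(1, 1, "2001-07-01 10:00:00"),
            (1, 2, "2001-08-01 10:00:00"),
            (1, 3, "2001-09-09 10:00:00")]
    db.executemany("INSERT INTO event VALUES (?, ?, ?)", rows)
    db.executemany("INSERT INTO acid_event VALUES (?, ?, ?)", rows)
    return db

def purge(db, cutoff, tables=("event", "acid_event")):
    """Delete alerts older than cutoff from every listed table, keyed on (sid, cid)."""
    keys = db.execute("SELECT sid, cid FROM event WHERE timestamp < ?",
                      (cutoff,)).fetchall()
    with db:  # one transaction: either every table is purged or none is
        for table in tables:  # table names are fixed in code, never user input
            db.executemany(f"DELETE FROM {table} WHERE sid = ? AND cid = ?", keys)
    return len(keys)

def orphaned_cache_rows(db):
    """Cache rows whose alert is gone from event (Cached Events > Total Events)."""
    return db.execute("""
        SELECT a.sid, a.cid FROM acid_event a
        LEFT JOIN event e ON e.sid = a.sid AND e.cid = a.cid
        WHERE e.sid IS NULL ORDER BY a.sid, a.cid""").fetchall()

def counts(db):
    """Return (total events, cached events), the two figures ACID reports."""
    total = db.execute("SELECT COUNT(*) FROM event").fetchone()[0]
    cached = db.execute("SELECT COUNT(*) FROM acid_event").fetchone()[0]
    return total, cached

if __name__ == "__main__":
    cutoff = "2001-08-11 00:00:00"  # constructed: 30 days before the sample "now"
    db = make_db()
    purge(db, cutoff, tables=("event",))  # purge without the acid_event lines
    print("event only:     ", counts(db), orphaned_cache_rows(db))
    db = make_db()
    purge(db, cutoff)                     # purge with the acid_event lines
    print("with acid_event:", counts(db), orphaned_cache_rows(db))
```

The orphan query is also usable as a periodic check that a purge job has not left the cache and the event table out of step.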