[Snort-users] MySQL Log rotate

David Gadbois gadbois at ...3338...
Mon Sep 10 08:44:02 EDT 2001


Ah.  The acid_event table got added in 0.9.6b13, and I have been running
0.9.6b12.  It appears all you will need to do is add a couple of lines:

   $dbh->prepare("DELETE FROM acid_event WHERE sid = ? AND cid = ?"),

and

   $dbh->do("OPTIMIZE TABLE acid_event");

I haven't tested this, so use at your own risk.

--David Gadbois
   

roman at ...438... wrote:
> 
> The ACID event cache does _not_ get purged periodically.  If you have a
> script which removes an alert from the database be sure to also delete
> the associated alert information from the acid_event table.
> 
> cheers,
> Roman
> 
> On Mon, 10 Sep 2001, Jyri Hovila wrote:
> 
> > Hi!
> >
> > >> How do I rotate the logs in MySQL? Is the best way to just delete the
> > >> rows in the event table? What if I want to archive the information?
> >
> > > I figure old events are not worth keeping around.  I have attached a
> > > Perl script I use to delete events over 30 days old.  It works with
> > > the version 103 schema.  Since MySQL does not have nested queries or
> > > foreign key constraints, it is pretty crufty.  Lose the "acid_ag_alert"
> > > lines if you are not using Acid.
> >
> > Thanks for the script David!
> >
> > There's one thing I don't understand. After running the script, Acid
> > cache contains just as many events as it did before I ran the script.
> > Acid application cache status says:
> >
> >       Total Events: 504
> >       Cached Events: 1827
> >
> > Updating the alert cache has no effect. Is the cache purged
> > automatically after some time or do I have to do something about it
> > myself?
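
Added example, not part of the original thread and not David's Perl script: a Python/SQLite stand-in for the MySQL purge discussed above. It reproduces the stale ACID cache reported in the thread and shows the effect of also deleting the matching (sid, cid) rows from acid_event. The reduced schema, the function names and the sample rows are constructed for illustration; MySQL's OPTIMIZE TABLE has no counterpart here and is left out.

```python
import sqlite3
from datetime import datetime, timedelta

# "event" and "acid_event" are named in the thread; the reduced column set
# (sid, cid, timestamp) is an assumption made for this example.
TABLES = ("event", "acid_event")

def build_sample_db(now):
    """Constructed data: 3 events older than 30 days, 2 recent, all cached."""
    db = sqlite3.connect(":memory:")
    for table in TABLES:
        db.execute(f"CREATE TABLE {table} (sid INTEGER, cid INTEGER, "
                   "timestamp TEXT, PRIMARY KEY (sid, cid))")
    for cid, age_days in enumerate((90, 45, 31, 7, 1), start=1):
        ts = (now - timedelta(days=age_days)).isoformat(sep=" ")
        for table in TABLES:
            db.execute(f"INSERT INTO {table} VALUES (1, ?, ?)", (cid, ts))
    return db

def purge_old_events(db, now, days=30, purge_cache=True):
    """Delete events older than `days`, one (sid, cid) pair at a time."""
    cutoff = (now - timedelta(days=days)).isoformat(sep=" ")
    old = db.execute("SELECT sid, cid FROM event WHERE timestamp < ?",
                     (cutoff,)).fetchall()
    # Table names come only from the fixed TABLES tuple, never from input.
    targets = TABLES if purge_cache else ("event",)
    with db:  # one transaction: both tables change together or not at all
        for table in targets:
            db.executemany(
                f"DELETE FROM {table} WHERE sid = ? AND cid = ?", old)
    return len(old)

def orphaned_cache_rows(db):
    """Count acid_event rows whose alert no longer exists in event.
    Uses LEFT JOIN rather than a nested query."""
    return db.execute(
        "SELECT COUNT(*) FROM acid_event a LEFT JOIN event e "
        "ON a.sid = e.sid AND a.cid = e.cid WHERE e.sid IS NULL"
    ).fetchone()[0]

if __name__ == "__main__":
    now = datetime(2001, 9, 10, 8, 44, 2)
    stale = build_sample_db(now)
    purge_old_events(stale, now, purge_cache=False)
    print("orphans, event-only purge:", orphaned_cache_rows(stale))
    fixed = build_sample_db(now)
    purge_old_events(fixed, now)
    print("orphans, cache purged too:", orphaned_cache_rows(fixed))
```

Running the orphan count before and after a purge job is a quick check that the cache and the event table stay in step.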



