[Snort-users] (no subject)

Steve Halligan agent33 at ...187...
Mon Sep 17 13:42:05 EDT 2001


>When I look at my default snort view screen I see TCP, UDP, ICMP, etc.... traffic.

>how can I erase all of this and start clean?

>I want to move my sensor to another subnet but want to clear out the old data....

>Kenny

>I'm using acid v0.9.6b6 for windows 2000

1)  Get a newer version of Acid.  That one is quite old.
2)  Since you want to remove all of the old alerts from the database, why
don't you just leave the old one, and create a new database called snort_new
or something?
3)  Newer versions of Acid allow the archiving of alerts.  You need to
create a new database (e.g. snort_archive) to archive into.  Then you run a
query, or tell Acid to list all alerts if you want to archive all of them.
Once you are looking at the alert display, go to the bottom of the page and
select archive alerts.  You can select specific alerts, all on page, or
entire query.  The script may time out if you select entire query, but you
can either increase the max script run time, or just run the action over
again until all the alerts are archived.

_steve



