[Snort-users] Snorting ACID and DB maintenance
Randy.Bey at ...6683...
Fri Aug 23 08:20:08 EDT 2002
I have ACID installed and lo and behold, less than a day and 1000 events
in both 'event' and 'acid_event' tables.

By my modest predictions, this will be a !#@$&! of data toot sweet.
Other than going into ACID and manually selecting false positives and
deleting them, are there other thoughts on how to keep from choking on
the DB size?

Not sure if this is an ACID question or a MySQL question. Probably more
MySQL, although I know even less about MySQL than I do about ACID after
a whole day of experimentation.

1) Can I limit the size of the MySQL database?
2) Can I do something as bone simple as 'delete from (event, acid_event)
where timestamp < "some timestamp";'?

Any ideas or good general practices out there?

7300 W 147th St Suite 300
Apple Valley, MN 55124