[Snort-users] Snorting ACID and DB maintenance

Randy Bey Randy.Bey at ...6683...
Fri Aug 23 08:20:08 EDT 2002

Hey Now,
I have ACID installed and lo and behold, less than a day and 1000 events
in both 'event' and 'acid_event' tables.

By my modest predictions, this will be a !#@$&! of data toot sweet.

Other than going into ACID and manually selecting false positives and
deleting them, are there other thoughts on how to keep from choking on
the DB size?

Not sure if this an ACID question or a MYSQL question. Probably more
MYSQL, although I know even less about MYSQL than I do about ACID after
a whole day of experimentation.

Such as, 

1) can I limit the size of the MYSQL database?
2) Can I do something as bone simple as 'delete from (event, acid_event)
where timestamp < "some timestamp";'?

Any ideas or good general practices out there?

Randy Bey
RiverNorth Systems
7300 W 147th St Suite 300
Apple Valley, MN 55124

More information about the Snort-users mailing list