[Snort-users] Snorting ACID and DB maintenance
jimb at ...6373...
Fri Aug 23 13:26:03 EDT 2002
You should be able to delete or move into the archive any type of alerts
you like based on a search. You can do this by going into search,
entering a search which results in the types of alerts to be deleted,
and selecting 'delete' or 'move into archive' at the bottom of the screen.
Of course, I've never actually DONE this, but it should work :-). I
have my snort rules set up pretty well to filter false positives at this
point, so I don't get many of them.
Randy Bey wrote:
>I have ACID installed and lo and behold, less than a day and 1000 events
>in both 'event' and 'acid_event' tables.
>By my modest predictions, this will be a !#@$&! of data toot sweet.
>Other than going into ACID and manually selecting false positives and
>deleting them, are there other thoughts on how to keep from choking on
>the DB size?
>Not sure if this an ACID question or a MYSQL question. Probably more
>MYSQL, although I know even less about MYSQL than I do about ACID after
>a whole day of experimentation.
>1) can I limit the size of the MYSQL database?
>2) Can I do something as bone simple as 'delete from (event, acid_event)
>where timestamp < "some timestamp";'?
>Any ideas or good general practices out there?
>7300 W 147th St Suite 300
>Apple Valley, MN 55124
>This sf.net email is sponsored by: OSDN - Tired of that same old
>cell phone? Get a new here for FREE!
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
More information about the Snort-users