[Snort-users] Snorting ACID and DB maintenance

Ian Macdonald secsnort at ...5528...
Tue Aug 27 09:15:02 EDT 2002

I have an example tool on how to do this on my web site.

The current version of MySQL is a little limited on how you can do deletes,
so you have to bend it a little to get it to work. Have a look at my util for
doing archiving.


----- Original Message -----
From: "Randy Bey" <Randy.Bey at ...6683...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, August 23, 2002 11:21 AM
Subject: [Snort-users] Snorting ACID and DB maintenance

> Hey Now,
> I have ACID installed and lo and behold, less than a day and 1000 events
> in both 'event' and 'acid_event' tables.
> By my modest predictions, this will be a !#@$&! of data toot sweet.
> Other than going into ACID and manually selecting false positives and
> deleting them, are there other thoughts on how to keep from choking on
> the DB size?
> Not sure if this is an ACID question or a MYSQL question. Probably more
> MYSQL, although I know even less about MYSQL than I do about ACID after
> a whole day of experimentation.
> Such as,
> 1) can I limit the size of the MYSQL database?
> 2) Can I do something as bone simple as 'delete from (event, acid_event)
> where timestamp < "some timestamp";'?
> Any ideas or good general practices out there?
> Randy Bey
> RiverNorth Systems
> 7300 W 147th St Suite 300
> Apple Valley, MN 55124
> http://www.rivernorthsys.com

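The time-based cleanup asked about in this thread, as an added example; it is not from either poster and is not the archiving utility mentioned in the reply. It assumes a MySQL version that supports multi-table DELETE and CREATE TABLE ... LIKE, the standard Snort database tables keyed by (sid, cid), and ACID's `acid_ag_alert` table; the cutoff value and the `event_archive` name are constructed for illustration.

```sql
-- Added example: prune Snort/ACID alerts older than a cutoff.
-- Constructed cutoff; pick one that matches your retention policy.
SET @cutoff = '2002-08-01 00:00:00';

-- Optional: keep a copy of the alert index before deleting.
-- event_archive is a hypothetical table name.
CREATE TABLE IF NOT EXISTS event_archive LIKE event;
INSERT IGNORE INTO event_archive
  SELECT * FROM event WHERE timestamp < @cutoff;

-- The per-packet tables carry no timestamp of their own; they are tied to
-- an alert only by (sid, cid). Delete them first, while the event rows
-- still exist to join against, or they are left behind as orphans.
-- Table names assumed from the standard Snort schema.
DELETE iphdr   FROM iphdr   INNER JOIN event USING (sid, cid)
  WHERE event.timestamp < @cutoff;
DELETE tcphdr  FROM tcphdr  INNER JOIN event USING (sid, cid)
  WHERE event.timestamp < @cutoff;
DELETE udphdr  FROM udphdr  INNER JOIN event USING (sid, cid)
  WHERE event.timestamp < @cutoff;
DELETE icmphdr FROM icmphdr INNER JOIN event USING (sid, cid)
  WHERE event.timestamp < @cutoff;
DELETE opt     FROM opt     INNER JOIN event USING (sid, cid)
  WHERE event.timestamp < @cutoff;
DELETE data    FROM data    INNER JOIN event USING (sid, cid)
  WHERE event.timestamp < @cutoff;

-- ACID alert-group membership (columns assumed from the ACID schema).
DELETE acid_ag_alert FROM acid_ag_alert
  INNER JOIN event ON acid_ag_alert.ag_sid = event.sid
                  AND acid_ag_alert.ag_cid = event.cid
  WHERE event.timestamp < @cutoff;

-- ACID's cache table and the Snort alert index both have a timestamp column.
DELETE FROM acid_event WHERE timestamp < @cutoff;
DELETE FROM event      WHERE timestamp < @cutoff;

-- Sanity check: packet headers with no matching alert should be zero.
SELECT COUNT(*) AS orphaned_iphdr
  FROM iphdr LEFT JOIN event USING (sid, cid)
  WHERE event.sid IS NULL;

-- Deleted rows do not shrink the table files until the tables are rebuilt.
OPTIMIZE TABLE event, acid_event, iphdr, tcphdr, udphdr, icmphdr, opt, data;
```

Deleting only from `event` and `acid_event`, as the original question proposes, removes the alerts from ACID's view but leaves the header and payload rows in place, which is where most of the disk usage sits.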