[Snort-users] Database maintenance scripts

Ian Macdonald secsnort at ...5528...
Thu May 2 18:52:27 EDT 2002


I had a snort mysql database that was huge so I wrote some scripts to
archive the data. I thought I would share them with everyone.

They are available at www.dirk.demon.co.uk/utils/snort-maint.zip

You need to run create_table.sql in your snort database to create:
arch_data
arch_event
arch_icmphdr
arch_iphdr
arch_opt
arch_tcphdr
arch_udphdr
arch_timestamp

Then you can edit run.sh on Unix or run.bat to set your username and
password etc.

When you run the scripts, they will copy all data older than 7 days from
event, icmphdr, iphdr, opt, tcphdr and udphdr to the arch_ tables, then
delete the data.

You can change the time period by editing stage1.sql.

I haven't done much testing, so use at your own risk.

If you find any problems, please let me know.

Ian
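
An added sketch of the copy-then-delete pass described above; it is not taken from snort-maint.zip and is not the poster's code. It assumes the standard Snort MySQL schema (event keyed by sid, cid with a timestamp column; child tables keyed by sid, cid), arch_ tables with identical column order, a current MySQL or MariaDB server, and transactional (InnoDB) tables. The data table is included here because create_table.sql creates arch_data.

```sql
-- Added example (assumptions listed in the lead-in above).
-- Fix the cutoff once so the copy and the delete select exactly the same rows;
-- calling NOW() in every statement would let rows slip between the two steps.
SET @cutoff = NOW() - INTERVAL 7 DAY;

START TRANSACTION;

-- 1. Copy old events, then their child rows (selected through the parent event).
INSERT INTO arch_event SELECT * FROM event WHERE timestamp < @cutoff;

INSERT INTO arch_iphdr SELECT h.* FROM iphdr h
  JOIN event e ON e.sid = h.sid AND e.cid = h.cid WHERE e.timestamp < @cutoff;
INSERT INTO arch_tcphdr SELECT h.* FROM tcphdr h
  JOIN event e ON e.sid = h.sid AND e.cid = h.cid WHERE e.timestamp < @cutoff;
INSERT INTO arch_udphdr SELECT h.* FROM udphdr h
  JOIN event e ON e.sid = h.sid AND e.cid = h.cid WHERE e.timestamp < @cutoff;
INSERT INTO arch_icmphdr SELECT h.* FROM icmphdr h
  JOIN event e ON e.sid = h.sid AND e.cid = h.cid WHERE e.timestamp < @cutoff;
INSERT INTO arch_opt SELECT o.* FROM opt o
  JOIN event e ON e.sid = o.sid AND e.cid = o.cid WHERE e.timestamp < @cutoff;
INSERT INTO arch_data SELECT d.* FROM data d
  JOIN event e ON e.sid = d.sid AND e.cid = d.cid WHERE e.timestamp < @cutoff;

-- 2. Delete child rows while the parent events still exist to join against.
DELETE h FROM iphdr h
  JOIN event e ON e.sid = h.sid AND e.cid = h.cid WHERE e.timestamp < @cutoff;
DELETE h FROM tcphdr h
  JOIN event e ON e.sid = h.sid AND e.cid = h.cid WHERE e.timestamp < @cutoff;
DELETE h FROM udphdr h
  JOIN event e ON e.sid = h.sid AND e.cid = h.cid WHERE e.timestamp < @cutoff;
DELETE h FROM icmphdr h
  JOIN event e ON e.sid = h.sid AND e.cid = h.cid WHERE e.timestamp < @cutoff;
DELETE o FROM opt o
  JOIN event e ON e.sid = o.sid AND e.cid = o.cid WHERE e.timestamp < @cutoff;
DELETE d FROM data d
  JOIN event e ON e.sid = d.sid AND e.cid = d.cid WHERE e.timestamp < @cutoff;

-- 3. Delete the parent events last, then commit the whole pass as one unit.
DELETE FROM event WHERE timestamp < @cutoff;

COMMIT;
```

On non-transactional (MyISAM) tables the START TRANSACTION and COMMIT have no effect, so compare row counts between each source table and its arch_ table before running the deletes.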





