[Snort-users] Snort, MySQL, Acid

Anton A. Chuvakin anton at ...5376...
Mon May 6 12:34:06 EDT 2002


Hello,

>I think the easiest way, since you have ACID, is to query on your IP
>address in ACID, and then tell it to delete the whole query. It will
>clean up nicely.
Not it if you have 100,000 records or more.

Sorry for a one-liner, but archiving/deleting with ACID for large
databases is very unstable. I have not found a way to recover my
ACID/snort database after it was flooded by thousands of records. That
leaves in pretty much unusable shape.

Best,
-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org





More information about the Snort-users mailing list