[Snort-users] Snort, MySQL, Acid

Ian Macdonald secsnort at ...5528...
Tue May 7 12:56:04 EDT 2002


Sorry that should be http://www.dirk.demon.co.uk/utils/
My bad

Ian
----- Original Message -----
From: "Ian Macdonald" <secsnort at ...5528...>
To: "Whaley, Mike" <mwhaley at ...5464...>; "'Anton A. Chuvakin'"
<anton at ...5376...>; "Tim Sailer" <sailer at ...2968...>
Cc: "Redman, Ken" <ken.redman at ...5424...>; "Snort Users List (E-mail)"
<snort-users at lists.sourceforge.net>
Sent: Tuesday, May 07, 2002 10:17 AM
Subject: Re: [Snort-users] Snort, MySQL, Acid


> You might want to have a look at www.dirk.demon.co.uk/tools. I wrote some
> scripts for managing the snort part of the database. The idea was that you
> could run it every night in a cron job or scheduled task. I am thinking
> about extending them to create a complete copy of the demarc data as well so
> you could have say 5 days in the active store that you monitor then another
> copy of the demarc console installed that hits the archive database. This
> would give you the ability to go back and look at archived data, but with
> the knowledge that it might take some time to bring back data.
>
>
> Out of interest, which setting in the IIS did you change? I couldn't track
> down the setting that would stop the cgi-timeout messages in IIS.
>
> Thanks
>
> Ian
> ----- Original Message -----
> From: "Whaley, Mike" <mwhaley at ...5464...>
> To: "'Anton A. Chuvakin'" <anton at ...5376...>; "Tim Sailer"
> <sailer at ...2968...>
> Cc: "Redman, Ken" <ken.redman at ...5424...>; "Snort Users List (E-mail)"
> <snort-users at lists.sourceforge.net>
> Sent: Monday, May 06, 2002 4:12 PM
> Subject: RE: [Snort-users] Snort, MySQL, Acid
>
>
> > I have the same configuration on win2k and I just fixed this problem with
> > mine.  First, increase your timeout value in your acid_conf.php file. Next
> > you'll get cgi errors for IIS if you are running that.  Increase your
> > timeout for IIS and that should fix it.  For about 25,000 records it takes
> > about 1300 seconds to move the data to another archive on my machine.
> > Everything works great now and I can successfully move, copy, and delete
> > large amounts of data.
> >
> > Mike Whaley
> >
> > -----Original Message-----
> > From: Anton A. Chuvakin [mailto:anton at ...5376...]
> > Sent: Monday, May 06, 2002 1:33 PM
> > To: Tim Sailer
> > Cc: Redman, Ken; Snort Users List (E-mail)
> > Subject: Re: [Snort-users] Snort, MySQL, Acid
> > Importance: High
> >
> >
> > Hello,
> >
> > >I think the easiest way, since you have ACID, is to query on your IP
> > >address in ACID, and then tell it to delete the whole query. It will
> > >clean up nicely.
> > Not if you have 100,000 records or more.
> >
> > Sorry for a one-liner, but archiving/deleting with ACID for large
> > databases is very unstable. I have not found a way to recover my
> > ACID/snort database after it was flooded by thousands of records. That
> > leaves it in pretty much unusable shape.
> >
> > Best,
> > --
> >      Anton A. Chuvakin, Ph.D.
> >      http://www.chuvakin.org
> >    http://www.info-secure.org
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users