[Snort-users] Snort, Mysql purging

Josh Berry josh.berry at ...10221...
Wed Dec 10 15:34:01 EST 2003


I HIGHLY suggest NOT deleting the information.  I suggest having a
secondary archive db that you move stuff like Welchia to when you think
you don't need it anymore.  That way you can keep the data and free up
resources on your primary DB.  Then if you really need to delete the data
you can on the archive.

Acid provides a drop-down bar to allow you to delete any query you run but
if you really want to purge the DB then use a truncate table [table_name]
command in MySQL.

> New user....
>
>
>
> I have installed snort, mysql and acid per the published instructions.
> Works great.
>
> I am by no means an expert at any of these though.
>
> What I have not found is a method to purge the database on a regular
> schedule.
>
> I had a minor welchia virus this week that drove the database size way up.
> Now acid is taking mins. to build pages.  Can someone point me in the right
> direction?
>
>
>
> Jack Snedecor
>
> GiS
>
> VP, Network Operations Group
>
> -----Original Message-----
> From: Sp0oKeR Labs [mailto:spooker at ...10483...]
> Sent: Wednesday, December 10, 2003 6:47 PM
> To: Grammer, Christopher S; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Remote NIDS
>
>
>
> At your snort.conf, in all sensors use:
>
>
>
> output database: log, mysql, user=user_snort password=pass_snort dbname=db_snort host=ip_server_mysql_acid
>
>
>
> You can create the snort database with create_mysql at contrib/ directory.
>
> Best Regards,
>
>
>
> Sp0oKeR
>
> ----- Original Message -----
>
> From: Grammer, Christopher S <mailto:christopher.grammer at ...7950...>
>
> To: snort-users at lists.sourceforge.net
> <mailto:snort-users at lists.sourceforge.net>
>
> Sent: Wednesday, December 10, 2003 7:03 PM
>
> Subject: [Snort-users] Remote NIDS
>
>
>
> I am looking for a method to have remote NIDS log alerts to a central
> SNORT/Acid box running MySQL and Redhat 9.0.
>
> Anyone have a link for docs on this or recommendations?
>
>
>
> Chris
>
>
>


Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry at ...10268...
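
[Added example, not part of the original thread or of the Snort/ACID distribution.] The archive-then-delete approach suggested in the reply above, written as MySQL statements against the standard Snort tables. It assumes the primary database is `db_snort` (the dbname in the quoted snort.conf line), a hypothetical archive database `snort_archive` built from the same create_mysql schema, and an arbitrary 30-day retention period.

```sql
-- Added example. Assumptions: primary DB is db_snort (the dbname in the quoted
-- snort.conf line); snort_archive is a hypothetical archive DB created from the
-- same create_mysql schema; the 30-day retention period is arbitrary.
-- START TRANSACTION/COMMIT only protect InnoDB tables; on MyISAM, stop the
-- sensors' database output or run this in a quiet window.
SET @cutoff = NOW() - INTERVAL 30 DAY;
START TRANSACTION;

-- Lookup tables: the archive needs them to resolve sensor and signature ids.
INSERT IGNORE INTO snort_archive.sensor    SELECT * FROM db_snort.sensor;
INSERT IGNORE INTO snort_archive.signature SELECT * FROM db_snort.signature;

-- Copy the per-packet rows that belong to old events, then the events.
INSERT IGNORE INTO snort_archive.iphdr SELECT h.* FROM db_snort.iphdr h
  JOIN db_snort.event e USING (sid, cid) WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.tcphdr SELECT h.* FROM db_snort.tcphdr h
  JOIN db_snort.event e USING (sid, cid) WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.udphdr SELECT h.* FROM db_snort.udphdr h
  JOIN db_snort.event e USING (sid, cid) WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.icmphdr SELECT h.* FROM db_snort.icmphdr h
  JOIN db_snort.event e USING (sid, cid) WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.opt SELECT h.* FROM db_snort.opt h
  JOIN db_snort.event e USING (sid, cid) WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.data SELECT h.* FROM db_snort.data h
  JOIN db_snort.event e USING (sid, cid) WHERE e.timestamp < @cutoff;
INSERT IGNORE INTO snort_archive.event
  SELECT * FROM db_snort.event WHERE timestamp < @cutoff;

-- Delete children first (they are located through event), then event itself.
DELETE h FROM db_snort.iphdr h JOIN db_snort.event e USING (sid, cid)
  WHERE e.timestamp < @cutoff;
DELETE h FROM db_snort.tcphdr h JOIN db_snort.event e USING (sid, cid)
  WHERE e.timestamp < @cutoff;
DELETE h FROM db_snort.udphdr h JOIN db_snort.event e USING (sid, cid)
  WHERE e.timestamp < @cutoff;
DELETE h FROM db_snort.icmphdr h JOIN db_snort.event e USING (sid, cid)
  WHERE e.timestamp < @cutoff;
DELETE h FROM db_snort.opt h JOIN db_snort.event e USING (sid, cid)
  WHERE e.timestamp < @cutoff;
DELETE h FROM db_snort.data h JOIN db_snort.event e USING (sid, cid)
  WHERE e.timestamp < @cutoff;
DELETE FROM db_snort.event WHERE timestamp < @cutoff;
-- ACID keeps its own cache of alerts in acid_event; trim it to match.
DELETE FROM db_snort.acid_event WHERE timestamp < @cutoff;
COMMIT;
```

Compare row counts between the two databases after the first run before putting this on a schedule.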




