[Snort-users] Snort, Mysql purging

Mark Fagan r00t at ...10564...
Thu Dec 11 01:57:05 EST 2003


Hi Jack,

I have the same problem with many sensors on customers' sites, and instead of 
asking the customer to change the PHP timeout and wait for hours while ACID 
deletes the alerts, I ask them to use MySQL Control Center, which is a Win32 
MySQL client; it deletes the alerts in seconds.

Hope this helps ....

Mark


Quoting Jack Snedecor <jsnedecor at ...10724...>:

> New user....
> 
> I have installed snort, mysql and acid per the published instructions.
> Works great.
> 
> I am by no means an expert at any of these though.
> 
> What I have not found is a method to purge the database on a regular
> schedule.
> 
> I had a minor welchia virus this week that drove the database size way up.
> Now acid is taking mins. to build pages.  Can someone point me in the right
> direction?
> 
> Jack Snedecor
> GiS
> VP, Network Operations Group
> 
> 
> -----Original Message-----
> From: Sp0oKeR Labs [mailto:spooker at ...10483...] 
> Sent: Wednesday, December 10, 2003 6:47 PM
> To: Grammer, Christopher S; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Remote NIDS
> 
> 
> At your snort.conf, in all sensors use:
> 
> output database: log, mysql, user=user_snort password=pass_snort dbname=db_snort host=ip_server_mysql_acid
> 
> You can create the snort database with create_mysql at contrib/ directory.
> 
> Best Regards,
> 
>  
> 
> Sp0oKeR
> 
> ----- Original Message -----
> From: Grammer, Christopher S <mailto:christopher.grammer at ...7950...>
> To: snort-users at lists.sourceforge.net
> Sent: Wednesday, December 10, 2003 7:03 PM
> Subject: [Snort-users] Remote NIDS
> 
> I am looking for a method to have remote NIDS log alerts to a central
> SNORT/Acid box running MySQL and Redhat 9.0.
> 
> Anyone have a link for docs on this or recommendations?
> 
> Chris
> 
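
A scheduled purge of the kind asked about in this thread, as an added example that is not part of the original messages. It assumes the stock Snort schema created by contrib/create_mysql, ACID's acid_event and acid_ag_alert tables, the db_snort database name from the snort.conf line above, and a 30-day retention window chosen for illustration.

```sql
-- Added example: age-based purge for a Snort + ACID MySQL database.
-- Assumptions: stock Snort schema (contrib/create_mysql), ACID's
-- acid_event / acid_ag_alert tables, 30-day retention.
-- Multi-table DELETE needs MySQL 4.0 or later.

USE db_snort;  -- database name as used in the snort.conf line in this thread

SET @cutoff = NOW() - INTERVAL 30 DAY;

-- 1. Per-packet child tables carry no timestamp of their own; they are
--    keyed by (sid, cid), so they must go while the parent rows still exist.
DELETE iphdr   FROM iphdr   JOIN event USING (sid, cid) WHERE event.timestamp < @cutoff;
DELETE tcphdr  FROM tcphdr  JOIN event USING (sid, cid) WHERE event.timestamp < @cutoff;
DELETE udphdr  FROM udphdr  JOIN event USING (sid, cid) WHERE event.timestamp < @cutoff;
DELETE icmphdr FROM icmphdr JOIN event USING (sid, cid) WHERE event.timestamp < @cutoff;
DELETE opt     FROM opt     JOIN event USING (sid, cid) WHERE event.timestamp < @cutoff;
DELETE data    FROM data    JOIN event USING (sid, cid) WHERE event.timestamp < @cutoff;

-- 2. ACID's alert-group membership points at (sid, cid) as well; remove it
--    before the cached alerts it refers to.
DELETE acid_ag_alert
  FROM acid_ag_alert
  JOIN acid_event ON acid_ag_alert.ag_sid = acid_event.sid
                 AND acid_ag_alert.ag_cid = acid_event.cid
 WHERE acid_event.timestamp < @cutoff;

-- 3. ACID's denormalised alert cache, the table its pages are built from.
DELETE FROM acid_event WHERE timestamp < @cutoff;

-- 4. Parent alert rows last.
DELETE FROM event WHERE timestamp < @cutoff;

-- 5. Deleted rows leave holes in the table files; reclaim the space and
--    defragment the indexes so ACID queries speed up again.
OPTIMIZE TABLE event, iphdr, tcphdr, udphdr, icmphdr, opt, data,
               acid_event, acid_ag_alert;
```

Run it from cron through the mysql client under an account that has only the privileges the purge needs on this database, rather than reusing the sensors' logging account. If older alerts may be needed for an investigation, dump the affected rows before the purge runs.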