[Snort-users] Clearing the snort database

Schmehl, Paul L pauls at ...6838...
Tue Jun 17 11:01:12 EDT 2003


I doubt the database is "full".  What's probably happening is that ACID
can no longer load its tables in a reasonable amount of time.  The
bigger the database, the slower ACID loads.

Frankly I think you should call the consultant and ask him to finish the
job.  Otherwise you are going to have to learn what each of the tables
does and which have data that you can delete and which don't.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

> -----Original Message-----
> From: Michael.Mulholland at ...9481... 
> [mailto:Michael.Mulholland at ...9481...] 
> Sent: Friday, June 13, 2003 8:27 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Clearing the snort database
> 
> 
> Folks,
> 
> I have 11 IDS machines connecting to a single console machine 
> with ACID on it.
> 
> Unfortunately the console machine won't load the ACID console
> - it just sits sending the request to the localhost. As a
> result I've disconnected the network cable to stop any more
> info being collected as a stopgap.
>
> I suspect the database is full so I want to clear it but
> being new to IDS I'm not sure how.
>
> The consultant who installed it also included a GUI-based
> client called 'gmyclient' which allows me to right click on
> individual tables in the snort database with the option of
> emptying the table.
>
> Does this sound a reasonable option or can anyone point me to
> the directory where I need to empty the database and if
> possible let me know the commands?
>
> I'm using Red Hat 8 Linux.
>
> Apologies for appearing like a newbie but that's what I am.
