[Snort-users] Purge all Snort events from MySQL database?

Dusty Hall halljer at ...8709...
Fri Sep 19 13:22:34 EDT 2003


This is what I use:

http://www.perlmonks.com/index.pl?node_id=247926


-Dusty


>>> "jon baer" <security at ...9153...> 9/18/2003 4:35:38 PM >>>
i think u are right, i looked through the spo_database.c code + there is
a lot more going on ... looks like u might need to flush more than
snort.event ... i just noticed that acid_maintenance.php also does not
have a flush option w/ the tables.

it seems to me the real problem lies with the table types used to create
the mysql tables to begin with (from create_mysql.sql) in that you *may*
be better off declaring them as MERGE tables:

http://www.mysql.com/doc/en/MERGE.html

you could then (i think) theoretically pull the merge table data out
from a cron job @ daily intervals for analysis.  really not sure if that
makes things easier, it seems like barnyard + these types of tables
would make it much smoother.

- jon

----- Original Message -----
From: "Michael Steele" <michaels at ...9077...>
To: <snort-users at lists.sourceforge.net>
Sent: Thursday, September 18, 2003 5:34 PM
Subject: RE: [Snort-users] Purge all Snort events from MySQL database?


> Jon,
>
> I think I remember awhile back that this topic was discussed and I
> think the conclusion was that flushing or purging the database, kind
> of like when Acid does a delete, that it really doesn't remove
> everything.
>
> Is this still true?
>
>  Cheers...
>
> -Michael Steele
> --
>  System Engineer / Security Support Technician
>  mailto:michaels at ...9077... 
>  Website: http://www.winsnort.com 
>  Snort: Open Source Network IDS - http://www.snort.org 
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net 
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of jon baer
> Sent: Thursday, September 18, 2003 11:25 AM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Purge all Snort events from MySQL database?
>
> hmm not sure there is one ... you can always flush the events via
> command line:
>
> echo "delete from snort.event" | mysql -h 10.10.10.10 -u snort -pmypassword
>
> - jon
>
> ----- Original Message -----
> From: "Raj Wurttemberg" <rajw at ...6927...>
> To: "'Pig-A-Holics Anonymous'" <snort-users at lists.sourceforge.net>
> Sent: Thursday, September 18, 2003 1:22 PM
> Subject: [Snort-users] Purge all Snort events from MySQL database?
>
>
> >
> > Simple question from a Snort noob...
> >
> > What is the proper method to purge all the Snort events from a MySQL
> > database?
> >
> > Thanks,
> > /*Raj*/
> >
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net 
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users 
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users 
> >
>
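
Added example, not part of the original thread or of the script linked above: the point raised in the quoted replies, that deleting from snort.event alone leaves rows behind, written out as SQL. It assumes the stock schema from create_mysql.sql in a database named snort, with per-event tables keyed by (sid, cid), and ACID's cache tables living in the same database.

```sql
-- Assumptions: database `snort`, stock create_mysql.sql schema, ACID installed
-- into the same database. Run while nothing is writing events.
USE snort;

-- 1. Audit: rows left behind by a bare "DELETE FROM event". Each per-event
--    table is keyed by (sid, cid); a row with no parent in event is orphaned.
SELECT 'iphdr' AS tbl, COUNT(*) AS orphans
  FROM iphdr c LEFT JOIN event e ON e.sid = c.sid AND e.cid = c.cid
 WHERE e.cid IS NULL
UNION ALL
SELECT 'tcphdr', COUNT(*)
  FROM tcphdr c LEFT JOIN event e ON e.sid = c.sid AND e.cid = c.cid
 WHERE e.cid IS NULL
UNION ALL
SELECT 'udphdr', COUNT(*)
  FROM udphdr c LEFT JOIN event e ON e.sid = c.sid AND e.cid = c.cid
 WHERE e.cid IS NULL
UNION ALL
SELECT 'icmphdr', COUNT(*)
  FROM icmphdr c LEFT JOIN event e ON e.sid = c.sid AND e.cid = c.cid
 WHERE e.cid IS NULL
UNION ALL
SELECT 'opt', COUNT(*)
  FROM opt c LEFT JOIN event e ON e.sid = c.sid AND e.cid = c.cid
 WHERE e.cid IS NULL
UNION ALL
SELECT 'data', COUNT(*)
  FROM data c LEFT JOIN event e ON e.sid = c.sid AND e.cid = c.cid
 WHERE e.cid IS NULL;

-- 2. Full purge: child tables first, the event table last.
DELETE FROM data;
DELETE FROM opt;
DELETE FROM icmphdr;
DELETE FROM udphdr;
DELETE FROM tcphdr;
DELETE FROM iphdr;
DELETE FROM event;

-- 3. ACID keeps its own copies of alert data (assumed table names from a
--    standard ACID install); skip these two lines if ACID is not in use.
DELETE FROM acid_ag_alert;
DELETE FROM acid_event;

-- Left untouched on purpose: sensor, signature, sig_class, sig_reference,
-- reference, reference_system, encoding, detail and schema hold lookup data.
```

Re-running the audit query from step 1 after the purge should report zero orphans for every table.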


