[Snort-users] Purge all Snort events from MySQL database?

jon baer security at ...9153...
Fri Sep 19 13:32:09 EDT 2003


thanks works nicely!

do you mind if i port it to php for "Flush Database" button in ACID?

- jon

----- Original Message ----- 
From: "Dusty Hall" <halljer at ...8709...>
To: <security at ...9153...>; <snort-users at lists.sourceforge.net>
Sent: Friday, September 19, 2003 9:02 AM
Subject: Re: [Snort-users] Purge all Snort events from MySQL database?


> 
> This is what I use:
> 
> http://www.perlmonks.com/index.pl?node_id=247926
> 
> 
> -Dusty
> 
> 
> >>> "jon baer" <security at ...9153...> 9/18/2003 4:35:38 PM >>>
> i think u are right, i looked through the spo_database.c code + there is
> a lot more going on ... looks like u might need to flush more than
> snort.event ... i just noticed that acid_maintenance.php also does not have
> a flush option w/ the tables.
> 
> it seems to me the real problem lies with the table types used to create the
> mysql tables to begin with (from create_mysql.sql) in that you *may* be
> better off declaring them as MERGE tables:
> 
> http://www.mysql.com/doc/en/MERGE.html 
> 
> you could then (i think) theoretically pull the merge table data out from a
> cron job @ daily intervals for analysis.  really not sure if that makes
> things easier, it seems like barnyard + these types of tables would make it
> much smoother.
> 
> - jon
> 
> ----- Original Message -----
> From: "Michael Steele" <michaels at ...9077...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Thursday, September 18, 2003 5:34 PM
> Subject: RE: [Snort-users] Purge all Snort events from MySQL database?
> 
> 
> > Jon,
> >
> > I think I remember awhile back that this topic was discussed and I think the
> > conclusion was that flushing or purging the database, kind of like when Acid
> > does a delete, that it really doesn't remove everything.
> >
> > Is this still true?
> >
> >  Cheers...
> >
> > -Michael Steele
> > --
> >  System Engineer / Security Support Technician
> >  mailto:michaels at ...9077... 
> >  Website: http://www.winsnort.com 
> >  Snort: Open Source Network IDS - http://www.snort.org 
> >
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net 
> > [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of jon baer
> > Sent: Thursday, September 18, 2003 11:25 AM
> > To: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] Purge all Snort events from MySQL database?
> >
> > hmm not sure there is one ... you can always flush the events via command
> > line:
> >
> > echo "delete from snort.event" | mysql -h 10.10.10.10 -u snort -pmypassword
> >
> > - jon
> >
> > ----- Original Message -----
> > From: "Raj Wurttemberg" <rajw at ...6927...>
> > To: "'Pig-A-Holics Anonymous'" <snort-users at lists.sourceforge.net>
> > Sent: Thursday, September 18, 2003 1:22 PM
> > Subject: [Snort-users] Purge all Snort events from MySQL database?
> >
> >
> > >
> > > Simple question from a Snort noob...
> > >
> > > What is the proper method to purge all the Snort events from a MySQL
> > > database?
> > >
> > > Thanks,
> > > /*Raj*/
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This sf.net email is sponsored by:ThinkGeek
> > > Welcome to geek heaven.
> > > http://thinkgeek.com/sf 
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net 
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users 
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users 
> > >
> >
> 
> 
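
Added example, not part of the thread and not Snort or ACID code: the replies above note that deleting only from snort.event leaves data behind. This sketch prints a DELETE for every per-event table and runs them through mysql with an option file in place of -pmypassword. The function names and the option-file path are hypothetical, and the table list assumes the stock create_mysql.sql schema plus ACID's acid_event and acid_ag_alert tables.

```shell
#!/bin/sh
# Added example (not from the thread). Table names assume the stock
# create_mysql.sql schema plus ACID's acid_event / acid_ag_alert tables;
# check them against your installed schema before running.

# Per-event tables: packet detail first, `event` itself last.
SNORT_EVENT_TABLES="data opt icmphdr udphdr tcphdr iphdr event"
# ACID's cached copy of events and its alert-group membership rows.
ACID_EVENT_TABLES="acid_ag_alert acid_event"

# snort_purge_sql DBNAME [yes|no]
# Print one DELETE per table; second argument "no" skips the ACID tables.
# sensor, signature and reference tables are left alone.
snort_purge_sql() {
    db=$1
    with_acid=${2:-yes}
    # Only a plain identifier may be spliced into the SQL text.
    case $db in
        ''|*[!A-Za-z0-9_]*)
            echo "snort_purge_sql: invalid database name" >&2
            return 1 ;;
    esac
    if [ "$with_acid" = yes ]; then
        tables="$ACID_EVENT_TABLES $SNORT_EVENT_TABLES"
    else
        tables=$SNORT_EVENT_TABLES
    fi
    for t in $tables; do
        printf 'DELETE FROM `%s`.`%s`;\n' "$db" "$t"
    done
}

# snort_purge DBNAME OPTION_FILE
# Feed the statements to mysql. Host, user and password come from a
# [client] section in OPTION_FILE (chmod 600) instead of -pmypassword on
# the command line, where other local users can read it from ps output.
snort_purge() {
    sql=$(snort_purge_sql "$1") || return 1
    printf '%s\n' "$sql" | mysql --defaults-extra-file="$2"
}

# Dry run: snort_purge_sql snort
# Apply:   snort_purge snort /etc/snort/purge.cnf   (hypothetical path)
```

Review the dry-run output against the tables actually present in the database before applying it.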




