[Snort-users] For those of you

Esler, Joel - Contractor joel.esler at ...9426...
Tue Jul 27 07:49:14 EDT 2004

Someone emailed me today offline in response to the mysql I had, well,
instead of messing with it I wrote a php script (yes) that cleans out
whatever database you have whenever you want it to do it.  (by changing
the interval).

It's not rocket science, but I figure I'll put it out there for people
that don't want to reinvent the wheel.  Run it once a day through your

-------------begin cut----------------
#!/bin/php -q
//define mysql connection settings
define('HOST', 'localhost');
define('USER', 'user');
define('PASS', 'password');
define('DB', 'dbname');

mysql_connect(HOST, USER, PASS)
or die("Couldnt connect to database");
or die("Couldnt select database");

//This delete query will purge all logs that are older than 30 days
$delete = mysql_query("DELETE FROM event WHERE timestamp <
or die(mysql_error());
$delete = mysql_query("DELETE FROM acid_event WHERE timestamp <
or die(mysql_error());
----------end cut-----------------

Okay, well how about all those tcpdump binaries I have that I want to
keep but don't want taking up a bunch of space?
This is REALLY not rocket science...

-----------begin cut-------------


find /path/to/your/snort/logs/* -mtime 1 -exec gzip {} \;

#If you want them to just be deleted after one year too...

find /path/to/your/snort/logs/* -mtime 365 -exec rm -rf {} \;

--------------end cut--------------

Execute that script once an hour.  Like I said, it's not brain surgery,
just thought these command could be useful to everyone besides the guy
that emailed me.


More information about the Snort-users mailing list