[Snort-users] For those of you

Max Valdez maxvalde at ...11353...
Tue Jul 27 11:14:20 EDT 2004


What about this?

I haven't looked at the tables' design carefully, but I have this proposal.
Maybe I should set where cid='$row->cid' or sid='$row->sid'?

Comments accepted
Max

--------
#!/bin/php -q
<?php
        //uses the old mysql_* extension (removed in PHP 7)
        //define mysql connection settings
        define('HOST', 'localhost');
        define('USER', 'user');
        define('PASS', 'password');
        define('DB', 'dbname');

        mysql_connect(HOST, USER, PASS)
        or die("Couldnt connect to database");
        mysql_select_db(DB)
        or die("Couldnt select database");

        //select the cid of every event older than 30 days
        $select = mysql_query("SELECT cid FROM event WHERE timestamp < CURRENT_DATE() - INTERVAL 30 DAY")
        or die(mysql_error());
        $rows = 0;
        //for each old event, delete its rows from the per-event tables;
        //a DELETE returns no result set, so count rows with mysql_affected_rows()
        while ($row = mysql_fetch_object($select)) {
                $delete = mysql_query("DELETE FROM acid_event where cid='$row->cid'");
                $qrows = mysql_affected_rows();
                $rows = $rows + $qrows;
                $delete = mysql_query("DELETE FROM data where cid='$row->cid'");
                $qrows = mysql_affected_rows();
                $rows = $rows + $qrows;
                $delete = mysql_query("DELETE FROM iphdr where cid='$row->cid'");
                $qrows = mysql_affected_rows();
                $rows = $rows + $qrows;
                $delete = mysql_query("DELETE FROM opt where cid='$row->cid'");
                $qrows = mysql_affected_rows();
                $rows = $rows + $qrows;
                $delete = mysql_query("DELETE FROM tcphdr where cid='$row->cid'");
                $qrows = mysql_affected_rows();
                $rows = $rows + $qrows;
                $delete = mysql_query("DELETE FROM udphdr where cid='$row->cid'");
                $qrows = mysql_affected_rows();
                $rows = $rows + $qrows;
        }

        //This delete query will purge all logs that are older than 30 days
        $delete = mysql_query("DELETE FROM event WHERE timestamp < CURRENT_DATE() - INTERVAL 30 DAY")
        or die(mysql_error());
?>
------------

-- 
Linux garaged 2.6.7-rc3-mm2 #2 Sat Jun 19 15:43:32 CDT 2004 i686 Intel(R) 
Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w++++ O- M-- 
V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z**
------END GEEK CODE BLOCK------
gpg-key: http://garaged.homeip.net/gpg-key.txt
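
On the question the post raises about matching on cid or sid, here is an added example (not part of the original post or of Snort/ACID) that matches child rows on both columns, binds the cutoff as a parameter and runs the purge in one transaction. It assumes every listed table has sid and cid columns and that a row belongs to the event with the same (sid, cid) pair; `prune_events`, the PDO connection and the SQLite demo data are illustrative.

```php
<?php
// Added example, not from the original post. Assumption: every Snort table
// below has sid and cid columns and a row belongs to the event with the
// same (sid, cid) pair.
const CHILD_TABLES = ['acid_event', 'data', 'iphdr', 'opt', 'tcphdr', 'udphdr'];

/** Delete events older than $days days plus their child rows; return rows removed. */
function prune_events(PDO $db, int $days, ?DateTimeImmutable $now = null): int
{
    $now = $now ?? new DateTimeImmutable('today');
    $cutoff = $now->sub(new DateInterval("P{$days}D"))->format('Y-m-d H:i:s');
    $removed = 0;
    $db->beginTransaction();
    try {
        foreach (CHILD_TABLES as $table) {   // fixed list of names, never user input
            $stmt = $db->prepare(
                "DELETE FROM $table WHERE EXISTS (SELECT 1 FROM event e
                 WHERE e.sid = $table.sid AND e.cid = $table.cid
                   AND e.timestamp < :cutoff)");
            $stmt->execute([':cutoff' => $cutoff]);
            $removed += $stmt->rowCount();
        }
        $stmt = $db->prepare('DELETE FROM event WHERE timestamp < :cutoff');
        $stmt->execute([':cutoff' => $cutoff]);
        $removed += $stmt->rowCount();
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();                     // leave no half-purged events behind
        throw $e;
    }
    return $removed;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE event (sid INT, cid INT, timestamp TEXT, PRIMARY KEY (sid, cid))');
foreach (CHILD_TABLES as $t) {
    $db->exec("CREATE TABLE $t (sid INT, cid INT)");
}
// Sensor 1 / cid 7 is old; sensor 2 / cid 7 is recent and must survive.
$db->exec("INSERT INTO event VALUES (1, 7, '2004-06-01 00:00:00'), (2, 7, '2004-07-26 00:00:00')");
$db->exec('INSERT INTO iphdr VALUES (1, 7), (2, 7)');
$db->exec('INSERT INTO tcphdr VALUES (1, 7), (2, 7)');

$removed = prune_events($db, 30, new DateTimeImmutable('2004-07-27'));
$left = $db->query('SELECT COUNT(*) FROM iphdr WHERE sid = 2 AND cid = 7')->fetchColumn();
echo "removed=$removed, sensor 2 iphdr rows left=$left\n";
```

Against MySQL, pass a `PDO` handle opened with a `mysql:` DSN; the transaction only protects the purge on a transactional storage engine.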



