[Snort-users] SQL command to clear out the snort database

Nick Hatch nick at ...11410...
Fri Oct 15 19:31:07 EDT 2004


That's pretty much what I do too. There is very little in the DB that 
needs to stay.

The first time I cleaned house I dropped every table -- a bit 
overzealous. There are a few entries (like the sensor and schema tables) 
which are required. Snort includes the script to create the DB in the 
tarball; you could glance at that script and "work backwards" to see 
what is required and clear everything else.

-Nick

Botwick, Jason (Genworth, Contractor) wrote:

>I use this:
>
>DELETE FROM data;
>DELETE FROM event;
>DELETE FROM icmphdr;
>DELETE FROM iphdr;
>DELETE FROM opt;
>DELETE FROM tcphdr;
>DELETE FROM udphdr;
>DELETE FROM signature;
>DELETE FROM sig_class;
>DELETE FROM sig_reference;
>DELETE FROM reference;
>DELETE FROM reference_system;
>DELETE FROM acid_event;
>DELETE FROM acid_ip_cache;
>
>I forget where I got that, probably Patrick Harper.
>  
>
-- 
Nick Hatch
ResTek Consultant
restek.wwu.edu 650-2946
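
Added example, not part of the original thread or of the Snort distribution: one way to "work backwards" from a create script, listing the tables it defines and generating a DELETE for each one except the sensor and schema tables. The create script below is a constructed, simplified stand-in (table names from this thread, placeholder columns), the function names are hypothetical, and an in-memory SQLite database stands in for the real Snort database.

```python
import re
import sqlite3

# Constructed, simplified stand-in for the create script in the Snort tarball:
# table names come from this thread, columns are placeholders.
CREATE_SCRIPT = """
CREATE TABLE "schema" (vseq INTEGER, ctime TEXT);
CREATE TABLE sensor (sid INTEGER, hostname TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER);
CREATE TABLE signature (sig_id INTEGER, sig_name TEXT);
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER);
CREATE TABLE data (sid INTEGER, cid INTEGER, data_payload TEXT);
"""

# Tables the thread says must survive a cleanup.
KEEP = {"schema", "sensor"}

def tables_in_script(script):
    """Return table names in the order the create script defines them."""
    return re.findall(r'CREATE\s+TABLE\s+[`"]?(\w+)[`"]?', script, re.IGNORECASE)

def cleanup_statements(script, keep=KEEP):
    """Build one DELETE per table that is not on the keep list.
    Names are matched with \\w+ only, so quoting them here is safe."""
    return ['DELETE FROM "%s";' % t for t in tables_in_script(script) if t not in keep]

def demo():
    """Apply the cleanup to a throwaway in-memory database; return row counts."""
    db = sqlite3.connect(":memory:")
    db.executescript(CREATE_SCRIPT)
    db.execute('INSERT INTO "schema" VALUES (?, ?)', (1, "constructed"))
    db.execute("INSERT INTO sensor VALUES (?, ?)", (1, "sensor1.example"))
    db.execute("INSERT INTO event VALUES (1, 1, 1)")
    db.execute("INSERT INTO signature VALUES (1, 'constructed alert')")
    db.commit()
    with db:  # one transaction: the deletes commit together or roll back
        for stmt in cleanup_statements(CREATE_SCRIPT):
            db.execute(stmt)
    return {t: db.execute('SELECT COUNT(*) FROM "%s"' % t).fetchone()[0]
            for t in tables_in_script(CREATE_SCRIPT)}

if __name__ == "__main__":
    print("\n".join(cleanup_statements(CREATE_SCRIPT)))
    print(demo())
```
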




