[Snort-users] SQL command to clear out the snort database

Michael Steele michaels at ...9077...
Fri Oct 15 21:16:02 EDT 2004


Why can't you just drop the database and create it again from the script
that is provided in the snort distribution archive. This will surely zero
everything out. Takes me about 1 minute to do this.

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Nick Hatch
> Sent: Friday, October 15, 2004 7:31 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] SQL command to clear out the snort database
> 
> That's pretty much what I do too. There is very little in the DB that
> needs to stay.
> 
> The first time I cleaned house I dropped every table -- a bit
> overzealous. There are a few entries (like the sensor and schema table)
> which are required. Snort includes the script to create the DB in the
> tarball, you could glance at that script and "work backwards" to see
> what is required and clear everything else.
> 
> -Nick
> 
> Botwick, Jason (Genworth, Contractor) wrote:
> 
> >I use this:
> >
> >DELETE FROM data;
> >DELETE FROM event;
> >DELETE FROM icmphdr;
> >DELETE FROM iphdr;
> >DELETE FROM opt;
> >DELETE FROM tcphdr;
> >DELETE FROM udphdr;
> >DELETE FROM signature;
> >DELETE FROM sig_class;
> >DELETE FROM sig_reference;
> >DELETE FROM reference;
> >DELETE FROM reference_system;
> >DELETE FROM acid_event;
> >DELETE FROM acid_ip_cache;
> >
> >I forget where I got that, probably Patrick Harper.
> >
> >
> --
> Nick Hatch
> ResTek Consultant
> restek.wwu.edu 650-2946
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
> Use IT products in your business? Tell us what you think of them. Give us
> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out
> more
> http://productguide.itmanagersjournal.com/guidepromo.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list