[Snort-users] SQL Database way too large.

Paul Schmehl pauls at ...6838...
Fri Jan 21 15:02:01 EST 2005


--On Friday, January 21, 2005 05:47:45 PM -0500 DTC <chubeshoi at ...12935...> 
wrote:

> Hi All.
>
> I just recently got all the components of snort working (apache, php,
> mysql, acid, etc.)
>
> But after hooking it up on a monitor port on my core switch, the database
> became so big after one night, acid takes over 20 seconds to load the
> mainpage!  Is there any script out there or setting that can help me
> clear my sql database every night??
>
Yes, there is, but first you need to find out why you're "filling up" the 
db in one night!  Is it because you have all the rules enabled?  Because 
you have an incredibly large pipe?

You can get copy of my db archiving script here:
http://www.ntsug.org/ - click on downloads.  It's a tarball with a perl 
script, config file and readme.  Should be self-explanatory.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu




More information about the Snort-users mailing list