[Snort-users] event database size
pauls at ...6838...
Wed May 24 17:11:09 EDT 2006
Have you tried using my archive script?
--On May 24, 2006 8:10:43 AM -0400 "Wright, Albert John (A J)"
<ajw at ...6827...> wrote:
> In the "contrib" directory of previous versions of Snort (2.2.0 maybe?)
> there was a snort_archdb Perl script that still works with the current
> schema. From what I can tell, it takes care of the problem with data
> dependencies between the various tables.
> It seems to be somewhat resource intensive. Our 42Gb database takes an
> hour or two to purge. When we originally started using it (and our DB
> was 350Gb), database connections would time out before some commands would
> Now, if others are using something different that has shown better
> results ... I'd love to know.
> A. J. Wright -- <ajw at ...6827...>
> Senior Security Analyst, Information Security Office
> University of Tennessee, Knoxville
> From: snort-users-admin at lists.sourceforge.net on behalf of John Newman
> Sent: Tue 2006-05-23 11:38 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] event database size
> Anyone out there know of any good pre-existing solutions to keeping the
> event database from growing ever bigger and bigger? I suppose some
> simple SQL code, e.g.
> delete from snort.event where time < 'XXXXX'
> or something like that.... is this what others are doing?
> John Newman
> Systems Administrator, WebXess Inc.
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
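
The two problems raised in this thread (rows in other tables that depend on each event, and connections timing out on a very large delete) can be shown together in a small added example. It is not the archive script offered above and not snort_archdb: it assumes a simplified subset of the Snort schema (event plus child tables keyed by sid and cid), uses an in-memory SQLite database with constructed rows, and its function names are hypothetical.

```python
import sqlite3

# Assumption: simplified subset of the Snort schema. Each child table holds
# per-event rows keyed by (sid, cid); real tables carry more columns.
CHILD_TABLES = ["iphdr", "tcphdr", "udphdr", "icmphdr", "opt", "data"]

def build_sample_db():
    """Constructed data: 10 events dated 2006-05-15 .. 2006-05-24."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (sid INT, cid INT, signature INT, "
               "timestamp TEXT, PRIMARY KEY (sid, cid))")
    for table in CHILD_TABLES:
        db.execute(f"CREATE TABLE {table} (sid INT, cid INT, payload TEXT)")
    for cid in range(1, 11):
        day = f"2006-05-{cid + 14:02d} 00:00:00"
        db.execute("INSERT INTO event VALUES (1, ?, 100, ?)", (cid, day))
        db.execute("INSERT INTO iphdr VALUES (1, ?, 'ip')", (cid,))
        db.execute("INSERT INTO data VALUES (1, ?, 'payload')", (cid,))
    db.commit()
    return db

def purge_older_than(db, cutoff, batch_size=4):
    """Delete events older than cutoff in small batches; return events removed."""
    total = 0
    while True:
        keys = db.execute(
            "SELECT sid, cid FROM event WHERE timestamp < ? "
            "ORDER BY timestamp LIMIT ?", (cutoff, batch_size)).fetchall()
        if not keys:
            return total
        # Child rows first, the event row last, so no orphans are left behind.
        for table in CHILD_TABLES + ["event"]:
            db.executemany(f"DELETE FROM {table} WHERE sid = ? AND cid = ?", keys)
        db.commit()  # one short transaction per batch instead of one huge one
        total += len(keys)

def orphan_count(db):
    """Child rows whose (sid, cid) no longer has a matching event row."""
    query = ("SELECT COUNT(*) FROM {t} c WHERE NOT EXISTS "
             "(SELECT 1 FROM event e WHERE e.sid = c.sid AND e.cid = c.cid)")
    return sum(db.execute(query.format(t=t)).fetchone()[0] for t in CHILD_TABLES)

if __name__ == "__main__":
    db = build_sample_db()
    print("purged:", purge_older_than(db, "2006-05-21 00:00:00"))
    print("orphaned child rows:", orphan_count(db))
```

Running a plain DELETE against event alone on the same sample data leaves the iphdr and data rows for the removed events behind, which orphan_count reports.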