[Snort-users] FW: Script to purge snort and acid databases?
pauls at ...6838...
Tue Sep 5 16:52:19 EDT 2006
--On Tuesday, September 05, 2006 14:44:09 -0400 "Jacob, Raymond A Jr"
<raymond.jacob at ...7622...> wrote:
> PS: I tried the archive script but had trouble with Perl modules, the
> DBI mysql module as I remember. The script would not login to the
> database. After modifying the script so it could login, the script
> seemed to want to move the alerts to the snort_archive database. I
> could not figure out how to delete without archiving. I also never
> knew if the script was working. My tables were so big that it took
> forever so I just killed the script. As a suggestion for large tables
> you might want to Delete one minute of data at a time just so you can
> maintain a running total and if you have to interrupt the DELETE at
> least you know that up to that point X-records have been deleted. As I
> recall BITIO (before I took it over) the previous administrator had
> the archive script working. It took about 20-30 days to delete a
> month's worth of snort_archive data on a production system. Deleting
> the previous day's alerts from the snort database took about six
> hours. Causing updates to acid_event to fail until the Delete
> finished. I apologize in advance if my difficulties were a result of
> my ignorance. I do appreciate your help.
Did you read the README file? Did you edit the config?
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
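
Added example, not part of the original message and not the archive script discussed in this thread: a sketch of the one-minute-at-a-time purge suggested in the quoted text, with a running total and a commit per window so it can be interrupted and rerun. It assumes Python's built-in sqlite3 as a stand-in for MySQL and a simplified `event` table (sid, cid, timestamp only); the function names and sample rows are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"  # DATETIME text form; sorts chronologically as a string

def build_sample_db():
    """Constructed data: 12 alerts, 20 s apart, in a simplified `event` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event (sid INT, cid INT, timestamp TEXT)")
    conn.execute("CREATE INDEX event_ts ON event (timestamp)")
    base = datetime(2006, 9, 4, 23, 57, 0)
    rows = [(1, i, (base + timedelta(seconds=20 * i)).strftime(FMT)) for i in range(12)]
    conn.executemany("INSERT INTO event VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn

def purge_before(conn, cutoff, window=timedelta(minutes=1), max_windows=None):
    """Delete events older than `cutoff`, one window per committed transaction.
    Returns (rows_deleted, windows_done). Rerunning resumes at the oldest row left."""
    cutoff_s = cutoff.strftime(FMT)
    total = windows = 0
    while max_windows is None or windows < max_windows:
        (oldest,) = conn.execute(
            "SELECT MIN(timestamp) FROM event WHERE timestamp < ?", (cutoff_s,)
        ).fetchone()
        if oldest is None:  # nothing older than the cutoff remains
            break
        # Start at the oldest remaining row, so empty stretches are skipped.
        end_s = min(datetime.strptime(oldest, FMT) + window, cutoff).strftime(FMT)
        cur = conn.execute(
            "DELETE FROM event WHERE timestamp >= ? AND timestamp < ?",
            (oldest, end_s),
        )
        conn.commit()  # short transaction: progress survives an interrupt
        total += cur.rowcount
        windows += 1
        print(f"up to {end_s}: {cur.rowcount} deleted, {total} total")
    return total, windows

if __name__ == "__main__":
    db = build_sample_db()
    print(purge_before(db, datetime(2006, 9, 5), max_windows=1))  # simulated interrupt
    print(purge_before(db, datetime(2006, 9, 5)))                 # rerun finishes the job
```
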