[Snort-users] FW: Script to purge snort and acid databases?

Paul Schmehl pauls at ...6838...
Tue Sep 5 16:52:19 EDT 2006


--On Tuesday, September 05, 2006 14:44:09 -0400 "Jacob, Raymond A Jr" 
<raymond.jacob at ...7622...> wrote:

> PS: I tried the archive script but had trouble with Perl modules, the DBI
> mysql module as I remember. The script would not login to the database.
> After modifying the script so it could login, the script seemed to want to
> move the alerts to the snort_archive database.
> I could not figure out how to delete without archiving. I also never
> knew if the script was working. My tables were so big that it took
> forever so I just killed the script. As a suggestion for large tables you
> might want to Delete one minute of data at a time just so you can maintain
> a running total and if you have to interrupt the DELETE at least you know
> that up to that point X-records have been deleted. As I recall
> BITIO (before I took it over) the previous administrator had the archive
> script working.
> It took about 20-30 days to delete a month's worth of snort_archive
> data on a production system. Deleting the previous day's alerts from the
> snort database took about six hours, causing updates to acid_event to fail
> until the Delete finished.
> I apologize in advance if my difficulties were a result of my ignorance.
> I do appreciate your help.
>
Did you read the README file?  Did you edit the config?

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
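
Added example, not part of the original thread and not the archive script discussed in it: a sketch of the "delete one minute of data at a time" suggestion quoted above, committing each window separately and reporting a running total. It assumes SQLite as a stand-in for the MySQL database and a simplified `event` table with a text `timestamp` column; the function names, the cutoff and the sample rows are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
DEMO_CUTOFF = datetime(2006, 9, 4, 11, 0, 0)   # constructed cutoff for the demo
ALLOWED_TABLES = {"event", "acid_event"}        # table names are never taken from input

def purge_in_windows(conn, table, cutoff, window=timedelta(minutes=1), progress=None):
    """Delete rows older than `cutoff`, one time window per transaction.

    Returns the number of rows deleted. Every window is committed on its own,
    so an interrupted run keeps what it has done and a rerun resumes from the
    oldest remaining row."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"unexpected table: {table!r}")
    cutoff_s, total = cutoff.strftime(FMT), 0
    while True:
        (oldest,) = conn.execute(
            f"SELECT MIN(timestamp) FROM {table} WHERE timestamp < ?", (cutoff_s,)
        ).fetchone()
        if oldest is None:              # nothing older than the cutoff is left
            return total
        start = datetime.strptime(oldest, FMT)
        end = min(start + window, cutoff)
        cur = conn.execute(
            f"DELETE FROM {table} WHERE timestamp >= ? AND timestamp < ?",
            (oldest, end.strftime(FMT)),
        )
        conn.commit()                   # commit per window: no single long-running delete
        total += cur.rowcount
        if progress:
            progress(end, total)        # running total after each window

def build_demo_db():
    """In-memory database with constructed sample rows (simplified event table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event (sid INT, cid INT, signature INT, timestamp TEXT)")
    stamps = ["2006-09-04 10:00:05", "2006-09-04 10:00:30", "2006-09-04 10:00:59",
              "2006-09-04 10:01:10", "2006-09-04 10:01:40", "2006-09-04 10:30:00",
              "2006-09-04 12:00:00", "2006-09-04 12:00:01"]
    conn.executemany("INSERT INTO event VALUES (1, ?, 1, ?)",
                     [(cid, ts) for cid, ts in enumerate(stamps, 1)])
    conn.commit()
    return conn

if __name__ == "__main__":
    db = build_demo_db()
    purge_in_windows(db, "event", DEMO_CUTOFF,
                     progress=lambda end, n: print(f"through {end}: {n} rows deleted"))
```

Each window starts at the oldest remaining row, so gaps in the data are skipped instead of being stepped through minute by minute.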