[Snort-users] Where's Waldo?
peter.bates at ...15381...
Thu Oct 11 15:58:12 EDT 2012
On 11/10/2012 20:29, AllowOverride wrote:
> Just a test, I will clear tables, and close browser, come back in 1
> hour increments, and see if that is the issue, it takes an hour to
> input new data after BASE clear table buttons have cleared. I
> assume there is a switch in the configs to make it quicker.
I've never personally looked for the option to clear tables in BASE
but I can say I use a script called archivesnort.pl which moves alerts
after 7 days to the archive DB and deletes them after 30.
If that is available with BASE I'd suggest you try that - i.e. modifying
the database outside of the web interface - if you can't find it I can
post it to the ML.
That's what we do and I've never seen the problem you're describing.
Alternatively, why not look at Snorby as a WUI - that has an inbuilt
option to trim(*) the database after a fixed number of events.
* - by trim I mean 'delete oldest events but not the entire contents
of the table' - I can't think of a better word.
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT