[Snort-users] Where's Waldo?

Peter Bates peter.bates at ...15381...
Thu Oct 11 15:58:12 EDT 2012



Hello all

On 11/10/2012 20:29, AllowOverride wrote:
> Just a test, I will clear tables, and close browser, come back in 1
> hour increments, and see if that is the issue, it takes an hour to
> input new data after BASE clear table buttons have cleared. I
> assume there is a switch in the configs to make it quicker.

I've never personally looked for the option to clear tables in BASE
but I can say I use a script called archivesnort.pl which moves alerts
after 7 days to the archive DB and deletes them after 30.

If that is available with BASE I'd suggest you try that - i.e. modifying
the database outside of the web interface - if you can't find it I can
post it to the ML.

That's what we do and I've never seen the problem you're describing.

Alternatively, why not look at Snorby as a WUI - that has an inbuilt
option to trim(*) the database after a fixed number of events.

* - by trim I mean 'delete oldest events but not the entire contents
of the table' - I can't think of a better word.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT




