[Snort-users] Where's Waldo?
allowoverride at ...11827...
Thu Oct 11 17:37:30 EDT 2012
im looking into snorby, since base is dead... thanks
On Thu, 2012-10-11 at 20:58 +0100, Peter Bates wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hello all
> On 11/10/2012 20:29, AllowOverride wrote:
> > just a test, i will clear tables, and close browser, come back in 1
> > hour increments, and see if that is the issue, it takes an hour to
> > input new data after base clear table buttons have cleared. im
> > assume there is a switch in the configs to make it quicker.
> I've never personally looked for the option to clear tables in BASE
> but I can say I use a script called archivesnort.pl which moves alerts
> after 7 days to the archive DB and deletes them after 30.
> If that is available with BASE I'd suggest you try that - i.e. modifying
> the database outside of the web interface - if you can't find it I can
> post it to the ML.
> That's what we do and I've never seen the problem you're describing.
> Alternatively, why not look at Snorby as a WUI - that has an inbuilt
> option to trim(*) the database after a fixed number of events.
> * - by trim I mean 'delete oldest events but not the entire contents
> of the table' - I can't think of a better word.
> - --
> Peter Bates
> Senior Computer Security Officer Phone: +44(0)2076792049
> Information Services Division Internal Ext: 32049
> University College London
> London WC1E 6BT
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (Darwin)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
More information about the Snort-users