Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Snort Newbies » Got it working. How do I clear out the Snort database?

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

Got it working. How do I clear out the Snort database?


Posted by BeanDip on March 16, 2005 04:47:17

Now that I have Snort working using MySQL on Fedora 3 I would like to clear out the Snort database so that it has a fresh start. Currently it has over 3000 alerts from my NMap testing that are bogus.

Is their a way to do this using MySQL prompts?

Thanks

Posted by maverick on March 16, 2005 05:06:43

I have a perl script that I sent to another guy on here if you want it. I've run it on redhat and its needs the perl module DBD::Mysql. It cleans the database of all events and associated data that is older than a specified time interval. Let me know if you want it.

Posted by maverick on March 16, 2005 06:19:51

if you just want to blast and rebuild the whole thing, and you have the database build script that comes with snort ("create_mysql"), you can just do this:

'echo "drop database snort" | mysql --user=user --password=password; mysql --user=user --password=password < /path/to/create_mysql'

Posted by BeanDip on March 16, 2005 16:47:45

Your Perl script sounds exactly like what I am wanting. Could you send a copy to brett@univ-computers.com?

This way I can do regular maintenance by stripping out anything older than 6 months.

Thanks!

Posted by SKyo on March 17, 2005 03:46:17

Im interested in this perl script too, send me a copy to jsianes@cajamar.es . Thanks for all.

Posted by Asha2442004 on March 30, 2005 03:15:29

Hi,
Can you pls. send the perl script to the below address aswell? Thanks in advance, apprecaite it!
gvprasanna@hotmail.com

Posted by cregenye on April 07, 2005 09:51:22

I really really hate to jump on the "me too" bandwagon, but it would save me some time.

so, if you haven't started ignoring this thread yet I could also use a copy sent to christopher.regenye@prnewswire.com

and... thanks. ;-)

Posted by markvo on April 28, 2005 06:27:00

I'd like to get a copy of that perl script also.

markvo@morris.umn.edu

Posted by pwheat on May 02, 2005 07:56:59

Anyone get a copy of this script? Or is there a better way to clear the databases now?

Posted by pwheat on May 02, 2005 07:57:57

Anyone get a copy of this script? Or is there a better way to clear the databases now?

Posted by cybersekkin on December 08, 2005 10:04:01

hate to say it but I am looking for a copy of this perl script. if someone sends it to me
I will add a link here and upload it on my server.

Posted by BrandonGreenwood on December 12, 2005 15:48:38

Here is one that I have used for Snort and Acid in the past that was produced by Paul Schmehl.

http://ntsug.org/downloads/archivePlus.tar.gz

Posted by julioccastro on June 29, 2006 10:46:08

Im interested in this perl script too, send me a copy to julio.castro@raboank.com
Thanks for all.


Posted by duunoit on October 11, 2006 05:13:39

Is there anyway to make this work with MSSQL? Thanks

Chris

Posted by Ormsfang on October 12, 2006 07:55:21

I use BASE in conjunction with Snort. It will clear the tables and clear and rebuild the alert cache for you.

Posted by duunoit on October 12, 2006 08:13:52

I just found that link in BASE yesterday. I want to say that I clicked the clear tables button and it never worked correctly again (until I dropped the databases and re-created them). I'll try it again.

Posted by ibmhpdell08 on June 09, 2008 11:33:48

may I have a cope of the script as well?
please send it to ibmhpdell08@yahoo.com
Thanks!

Posted by gilly05 on June 12, 2008 17:38:14

anybody still have the script?? I REALLY need it! I have also heard people refer to a file (archiveplus.tar.gz) that was available as a download somewhere. However, the link to that file is dead and I can't find it. Anyone who stumbles across this thread who knows how to get this done (auto archiving to the archive database NOT using BASE), please post how it's done... thanks in advance!
site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.