
Snort Forums Archive


Snort and MySql Maintenance question...


Posted by sartir29 on March 10, 2005 06:37:05

Newbie here...just wondering if anyone has posted a question regarding how to go about cleaning out the MySql db once it becomes full (other than just dropping the db and recreating it)...If not, I'm looking for a clean script that might do the trick...
Thanks for the help and I apologize if this topic has already been addressed..
sartir29

Posted by maverick on March 10, 2005 06:40:06

Are you talking about a purge script that would clean out events older than a certain date? What OS would this be for?

Posted by sartir29 on March 10, 2005 09:46:09

You are correct...purging the acid_event table after a certain date via a script would be perfect...I am running Fedora Core 2...
I hope this helps!!!
Thanks in advance...
sartir29

Posted by maverick on March 10, 2005 10:09:07

I don't personally use ACID, but I am familiar with its DB schema. I have a perl script that I use on RH 9.0 (2.6.10 kernel) that purges old events from all snort event tables in MySQL after a specified number of days. I can tack acid_event onto the delete list and you can try it out if you like. If you want it, I can email it to you.
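An added example, not maverick's script (which the thread never shows): a POSIX shell function that prints the SQL to purge events older than a given number of days from the standard Snort MySQL schema plus ACID's acid_event table. Table and column names follow Snort's create_mysql schema and ACID's acid_event; the purge_ids scratch table and the CHILD_TABLES list are this example's assumptions, so adjust them if your schema differs.

```shell
#!/bin/sh
# Print the SQL that removes Snort events older than $1 days. Pipe the
# output into the mysql client; nothing is executed here.
# Assumption: tables as created by Snort's create_mysql script, plus
# ACID's acid_event. All of these key on (sid, cid).

# Child tables keyed on (sid, cid) that carry no timestamp of their own.
CHILD_TABLES="iphdr tcphdr udphdr icmphdr opt data acid_event"

snort_purge_sql() {
    days="$1"
    case "$days" in
        ''|*[!0-9]*) echo "usage: snort_purge_sql DAYS" >&2; return 1 ;;
    esac
    # Record the keys of the old events first: the child tables have no
    # timestamp, so once the event rows are gone their children could
    # no longer be identified and would be left orphaned.
    printf 'CREATE TEMPORARY TABLE purge_ids (sid INT UNSIGNED NOT NULL, cid INT UNSIGNED NOT NULL, PRIMARY KEY (sid, cid));\n'
    printf 'INSERT INTO purge_ids SELECT sid, cid FROM event WHERE timestamp < DATE_SUB(NOW(), INTERVAL %s DAY);\n' "$days"
    for t in $CHILD_TABLES; do
        # Multi-table DELETE: only rows whose (sid, cid) is in purge_ids go.
        printf 'DELETE %s FROM %s JOIN purge_ids p ON %s.sid = p.sid AND %s.cid = p.cid;\n' "$t" "$t" "$t" "$t"
    done
    # Parent table last, then discard the scratch table.
    printf 'DELETE event FROM event JOIN purge_ids p ON event.sid = p.sid AND event.cid = p.cid;\n'
    printf 'DROP TEMPORARY TABLE purge_ids;\n'
}

# Typical use (from cron), keeping the last 30 days:
#   snort_purge_sql 30 | mysql -u snort -p snort
```

Review the generated statements once with `snort_purge_sql 30 | less` before wiring the pipe into cron, and take a mysqldump of the database the first time you run it.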

Posted by sartir29 on March 10, 2005 10:17:41

great...I'll try it out...you can email it to sartir29@yahoo.com...
Thanks,
sartir29

Posted by maverick on March 10, 2005 10:24:18

On its way, let me know how it works out.

Posted by scott34 on March 16, 2005 06:08:17

maverick, if you have a chance...would you mind sending me a copy of your script? I run FreeBSD, but I doubt there would be much (if anything) to change to get it to run.

email: scott.foss@northlandcollege.edu

I haven't had time to clear my db since I got it up and running last month. Thankfully I have enough space on the hard drive...but the db is getting large (over 1.4 million alerts). But I'd love to have something automated like what you have created.

Scott

Posted by maverick on March 21, 2005 06:06:39

Sorry about the wait. I sent it to the Snort guys and hopefully they'll post it up in the contrib section in the near future.

Posted by hmajnoonian on December 10, 2005 17:32:03

Does anybody know where I can find the script to purge on BSD?

Posted by BrandonGreenwood on December 12, 2005 16:01:24

http://www.snort.org/reg-bin/forums.cgi?forum_id=1&topic_id=108