Snort mailing list archives
RE: 300,000 alerts in Database from spp_asn1
From: "Randy Bey" <Randy.Bey () rivernorthsys com>
Date: Mon, 28 Oct 2002 14:23:32 -0700
Yes, that doggone asn1 thing bit me too. I stopped it toot sweet as it was logging dozens every minute from the git go. Needs more work as a plugin, is my guess.

As far as deleting a zillion records, you need to be a bit more specific in your sql query. I would use the 'search' link under acid and restrict your alert time to one day at a time.

I hope this would help.

Randy Bey
RiverNorth Systems
7300 W 147th St Suite 300
Apple Valley, MN 55124
http://www.rivernorthsys.com

-----Original Message-----
From: Nicholas Bachmann [mailto:nbachmann () mail davison k12 mi us]
Sent: Friday, October 25, 2002 6:10 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] 300,000 alerts in Database from spp_asn1

Through some weirdness, spp_asn1 on Snort 1.9 has flooded my PostgreSQL database with over 300,000 alerts (which seem to be false-positive, or at least not malicious), which has not made the DB very happy :-). The actual problem is peripheral to my actual question, but I'm sure somebody is interested; I will provide details on or off list.

My question is this: how does one go about deleting those 300,000 alerts? Just doing a delete in ACID doesn't cut it; I left it deleting over a weekend and that didn't work (probably timed out) and while deleting no alerts are able to be added to the database, and I can't check it anyway (transaction block?).

Any ideas?
--
Regards,
Nick
Nicholas Bachmann, SSCP
Tech Department
Davison Community Schools
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
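
The "one day at a time" approach from the reply above, as an added example that is not part of the original thread: each day's matching alerts are deleted in their own short transaction, so locks are released between batches and new alerts can still be written. It assumes a simplified two-table stand-in (`event`, `iphdr`) built in SQLite rather than the real ACID/PostgreSQL schema, and the signature names and rows are constructed placeholders.

```python
import sqlite3

def build_sample_db():
    """Constructed two-table stand-in for an alert database (not the real ACID schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE event (sid INT, cid INT, sig_name TEXT, timestamp TEXT,
                            PRIMARY KEY (sid, cid));
        CREATE TABLE iphdr (sid INT, cid INT, PRIMARY KEY (sid, cid));
    """)
    alerts = [  # constructed sample rows; signature names are placeholders
        (1, 1, "CONSTRUCTED ASN.1 ALERT", "2002-10-24 09:00:00"),
        (1, 2, "CONSTRUCTED ASN.1 ALERT", "2002-10-24 09:00:05"),
        (1, 3, "CONSTRUCTED PORTSCAN ALERT", "2002-10-24 10:00:00"),
        (1, 4, "CONSTRUCTED ASN.1 ALERT", "2002-10-25 11:00:00"),
        (1, 5, "CONSTRUCTED ASN.1 ALERT", "2002-10-25 11:00:01"),
        (1, 6, "CONSTRUCTED ASN.1 ALERT", "2002-10-25 11:00:02"),
    ]
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", alerts)
    conn.executemany("INSERT INTO iphdr VALUES (?, ?)",
                     [(sid, cid) for sid, cid, _, _ in alerts])
    conn.commit()
    return conn

def delete_by_day(conn, pattern):
    """Delete alerts whose name matches `pattern`, one calendar day per transaction."""
    days = [row[0] for row in conn.execute(
        "SELECT DISTINCT date(timestamp) FROM event WHERE sig_name LIKE ? ORDER BY 1",
        (pattern,))]
    deleted = {}
    for day in days:
        with conn:  # commits at the end of each day, releasing locks between batches
            # Remove dependent header rows first so no orphans are left behind.
            conn.execute(
                "DELETE FROM iphdr WHERE EXISTS (SELECT 1 FROM event e "
                "WHERE e.sid = iphdr.sid AND e.cid = iphdr.cid "
                "AND e.sig_name LIKE ? AND date(e.timestamp) = ?)", (pattern, day))
            cur = conn.execute(
                "DELETE FROM event WHERE sig_name LIKE ? AND date(timestamp) = ?",
                (pattern, day))
            deleted[day] = cur.rowcount
    return deleted

if __name__ == "__main__":
    db = build_sample_db()
    print(delete_by_day(db, "%ASN.1%"))
```

On a large production table a timestamp range predicate (`>=` start of day, `<` start of next day) lets the database use an index on the timestamp column, which wrapping the column in `date()` does not.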
