Snort mailing list archives
Re: How do I clean up when ACID fails like this?
From: "Kenneth G. Arnold" <bkarnold () cbu edu>
Date: Mon, 24 Feb 2003 13:42:48 -0600
I use a shell script and an sql script to clean our mysql database in Solaris. This also cleans the acid tables. The script will prompt you for the password.
Use your values for username, host,db and mysql location.The cleanall.sql script needs to be in the same directory as the cleanall.shl script. I have given you two different versions of the cleanall.sql script. One uses the delete command to remove all the rows from the table. The other uses the truncate command to drop and rebuild the table. The truncate command should work faster, especially if you have very large tables. I use the delete command version because I generally clean the tables before they get so big that the extra time for the delete command becomes a factor.
cleanall.shl ============================== #!/bin/ksh username=snort host=localhost db=snort mysql='/usr/local/mysql/bin/mysql' $mysql -h $host -u $username -p $db < cleanall.sql cleanall.sql =================== delete from data; delete from event; delete from icmphdr; delete from iphdr; delete from opt; delete from tcphdr; delete from udphdr; delete from signature; delete from sig_class; delete from sig_reference; delete from reference; delete from reference_system; delete from acid_event; delete from acid_ip_cache; cleanall.sql =================== truncate table data; truncate table event; truncate table icmphdr; truncate table iphdr; truncate table opt; truncate table tcphdr; truncate table udphdr; truncate table signature; truncate table sig_class; truncate table sig_reference; truncate table reference; truncate table reference_system; truncate table acid_event; truncate table acid_ip_cache; Ken Arnold At 02:10 PM 2/24/03 -0500, Aaron The Young wrote:
Hello, I have way too much in my SQL database at this time and trying to delete selected alerts causes the following error:Fatal error: Maximum execution time of 180 seconds exceeded in /usr/share/acidlab/acid_db.inc on line 260I'd love to find a simple way to just erase everything in my SQL database until I get my rules set in Snort, but ACID doesn't seem able to help me out. Any suggestions? Thanks, Aaron ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Brother Kenneth Arnold System Administrator Information Technology Services Christian Brothers University (901) 321-4333 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How do I clean up when ACID fails like this? Aaron The Young (Feb 24)
- Re: How do I clean up when ACID fails like this? Ken Gunderson (Feb 24)
- Re: How do I clean up when ACID fails like this? Demetri Mouratis (Feb 24)
- Re: How do I clean up when ACID fails like this? Kenneth G. Arnold (Feb 24)
- Re: How do I clean up when ACID fails like this? Jon (Feb 24)
- <Possible follow-ups>
- RE: How do I clean up when ACID fails like this? McPheeters, Scott (Feb 24)
- RE: How do I clean up when ACID fails like this? Hutchinson, Andrew (Feb 24)