Snort mailing list archives
RE: Big MySQL-Database
From: "Patrice Boulanger" <pboulanger () fr externall net>
Date: Wed, 8 Jan 2003 12:48:52 +0100
Hello snort user,
You could use the mysqlhotcopy command to copy your database:
mysqlhotcopy -p=<password> --allowold snortdb SnortAcid
This command copies the database snort to a new db SnortAcid (created if
necessary). You must use --allowold because mysqlhotcopy will abort if the
target already exists. You could also use --keepold (try mysqlhotcopy --help
for its meaning). Beware that the SnortAcid database will be lost on each
rotation.
After the hot copy, you must also delete lines from the snort database,
for example:
---------------------- (not tested !!!)
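# Empty every table of the snort database (table list as posted)
for i in acid_ag acid_ag_alert acid_event acid_ip_cache data detail \
         encoding event icmphdr iphdr opt reference reference_system schema sensor \
         sig_class sig_reference signature tcphdr udphdr; do
    # No space between -p and the password, otherwise mysql prompts for it
    echo "delete from $i;" | mysql -D snort -p<password>
done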
---------------------- (not tested !!!)
Put these two commands in a shell script and add a cron entry to run it every
2 days.
Hope it will help you.
Regards,
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On behalf of Kraus,
Thorsten
Sent: Wednesday, 8 January 2003 11:50
To: snort-users () lists sourceforge net
Subject: [Snort-users] Big MySQL-Database
Hello Snort Users,
I've set up a Snort system on Linux. I use MySQL to store the data from
snort and I use ACID to analyze this data.
But when snort runs a few days, the database is very big and ACID runs only
very slowly.
I want to store the data only for e.g. 2 days in the database. If the 2 days
are over, then the database should be copied to snortAcidOld and a new
database named SnortAcid should be created. Do you have any idea how I can
solve this problem in this or any other way?
I'm looking forward to your answers!
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
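
Added example, not part of the original posts: the copy-then-delete rotation described in the reply, as one script that keeps the password off the command line (where other local users can read it from the process list) and purges only after the copy succeeded. The function names and the reliance on a private ~/.my.cnf with a [client] section read by both mysql and mysqlhotcopy are assumptions; the table list is the one from the reply.

```shell
#!/bin/sh
# Added example: rotation of the snort database without a password on the
# command line. Assumption: ~/.my.cnf has a [client] section with user and
# password, read by both mysql and mysqlhotcopy.
CNF="${CNF:-$HOME/.my.cnf}"
SRC_DB="snort"        # database name as used in the delete step of the post
DST_DB="SnortAcid"
# Table list exactly as given in the post
TABLES="acid_ag acid_ag_alert acid_event acid_ip_cache data detail encoding
event icmphdr iphdr opt reference reference_system schema sensor sig_class
sig_reference signature tcphdr udphdr"

# Print one DELETE per table. Names are checked and back-quoted so that a
# name such as schema cannot be parsed as a keyword or carry extra SQL.
purge_sql() {
    for t in "$@"; do
        case "$t" in
            ""|*[!A-Za-z0-9_]*) echo "refusing table name: $t" >&2; return 1 ;;
        esac
        printf 'DELETE FROM `%s`;\n' "$t"
    done
}

# True only if the option file exists with no group/other permission bits.
cnf_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

rotate() {
    cnf_is_private "$CNF" || { echo "$CNF missing or open to group/others" >&2; return 1; }
    # $TABLES is left unquoted on purpose: one argument per table
    sql=$(purge_sql $TABLES) || return 1
    # Copy first and stop on failure, so rows are never purged without a copy
    mysqlhotcopy --allowold "$SRC_DB" "$DST_DB" || return 1
    printf '%s\n' "$sql" | mysql -D "$SRC_DB"
}

# Nothing touches the database unless the script is called with --run
if [ "${1:-}" = "--run" ]; then
    rotate
fi
```

Alerts that Snort inserts between the copy and the purge are deleted without having been copied, so the window between the two steps should be kept short.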
