From: Ian Macdonald (secsnortdirk.demon.co.uk)
Date: Thu May 02 2002 - 21:58:49 CDT

    I had a snort mysql database that was huge so I wrote some scripts to
    archive the data. I thought I would share them with everyone.

    They are available at www.dirk.demon.co.uk/utils/snort-maint.zip

    You need to run create_table.sql in your snort database to create:
    arch_data
    arch_event
    arch_icmphdr
    arch_iphdr
    arch_opt
    arch_tcphdr
    arch_udphdr
    arch_timestamp

    Then you can edit run.sh on Unix or run.bat to set your username and
    password, etc.

    When you run the scripts, they will copy all data older than 7 days from
    event, icmphdr, iphdr, opt, tcphdr and udphdr to the arch_ tables, then
    delete the data.

    You can change the time period by editing stage1.sql.

    I haven't done much testing so use at your own risk.

    If you find any problems, please let me know.

    Ian

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users
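
The copy-then-delete archival described in the message, as an added example that is not taken from snort-maint.zip or from the post's author. It assumes SQLite in place of MySQL, a reduced column layout for event, iphdr and tcphdr, and hypothetical function names; the point is that the child tables are selected through the parent event's timestamp and that the whole move runs in one transaction with row counts checked.

```python
import sqlite3
from datetime import datetime, timedelta

CHILD_TABLES = ["iphdr", "tcphdr"]  # subset of the tables named in the post

def build_sample_db():
    """Constructed sample rows on a reduced, assumed column layout."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (sid INT, cid INT, signature INT, timestamp TEXT)")
    db.execute("CREATE TABLE iphdr (sid INT, cid INT, ip_src INT, ip_dst INT)")
    db.execute("CREATE TABLE tcphdr (sid INT, cid INT, tcp_sport INT, tcp_dport INT)")
    for t in ["event"] + CHILD_TABLES:  # empty arch_ twins of each table
        db.execute(f"CREATE TABLE arch_{t} AS SELECT * FROM {t} WHERE 0")
    db.executemany("INSERT INTO event VALUES (?,?,?,?)", [
        (1, 1, 10, "2002-04-01 10:00:00"),
        (1, 2, 11, "2002-04-20 09:30:00"),
        (1, 3, 10, "2002-05-01 23:15:00")])
    db.executemany("INSERT INTO iphdr VALUES (?,?,?,?)", [
        (1, 1, 167772161, 167772162), (1, 2, 167772163, 167772162),
        (1, 3, 167772164, 167772162)])
    db.executemany("INSERT INTO tcphdr VALUES (?,?,?,?)",
                   [(1, 1, 40000, 80), (1, 3, 40001, 22)])
    db.commit()
    return db

def _move(db, table, where, cutoff):
    """Copy matching rows to arch_<table>, delete them, insist counts agree."""
    copied = db.execute(
        f"INSERT INTO arch_{table} SELECT * FROM {table} WHERE {where}", (cutoff,)).rowcount
    deleted = db.execute(f"DELETE FROM {table} WHERE {where}", (cutoff,)).rowcount
    if copied != deleted:
        raise RuntimeError(f"{table}: copied {copied} but deleted {deleted}")
    return deleted

def archive_older_than(db, now, days=7):
    """Move events older than `days` and their child rows into arch_ tables."""
    # Compute the cutoff once so the copy and the delete see the same boundary.
    cutoff = (now - timedelta(days=days)).strftime("%Y-%m-%d %H:%M:%S")
    moved = {}
    with db:  # single transaction: any exception rolls back every table
        for t in CHILD_TABLES:
            # Child tables carry no timestamp; select them via the parent event.
            old = (f"EXISTS (SELECT 1 FROM event e WHERE e.sid = {t}.sid "
                   f"AND e.cid = {t}.cid AND e.timestamp < ?)")
            moved[t] = _move(db, t, old, cutoff)
        # Delete events last, otherwise the child rows can no longer be dated.
        moved["event"] = _move(db, "event", "timestamp < ?", cutoff)
    return moved
```
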