Bruce,
        I found this to be an issue as well. I wrote a simple script that optimizes the tables at night. I run this script every night at like 1:00 or so. I created a simple cron job as root and made a file called op.snort. Here is everything I use. Hope this helps.

cron job
----------
/usr/local/mysql/bin/mysql snort -u snort -ppassword< ./op.snort

file op.snort
------------
OPTIMIZE TABLE `acid_ag`;
OPTIMIZE TABLE `acid_ag_alert`;
OPTIMIZE TABLE `acid_event`;
OPTIMIZE TABLE `acid_ip_cache`;
OPTIMIZE TABLE `data`;
OPTIMIZE TABLE `detail`;
OPTIMIZE TABLE `encoding`;
OPTIMIZE TABLE `event`;
OPTIMIZE TABLE `icmphdr`;
OPTIMIZE TABLE `iphdr`;
OPTIMIZE TABLE `opt`;
OPTIMIZE TABLE `reference`;
OPTIMIZE TABLE `reference_system`;
OPTIMIZE TABLE `schema`;
OPTIMIZE TABLE `sensor`;
OPTIMIZE TABLE `sig_class`;
OPTIMIZE TABLE `sig_reference`;
OPTIMIZE TABLE `signature`;
OPTIMIZE TABLE `tcphdr`;
OPTIMIZE TABLE `udphdr`;

Mike Walter, MCP
PCD Network Solutions, Inc.
3z.net a PCD Company
<http://www.3z.net>
"When Success is the Only Solution t h i n K 3z.net"

-----Original Message-----
From: Bruce Platt [mailto:Bruceei3.com]
Sent: Monday, November 04, 2002 12:49 PM
To: snort-userslists.sourceforge.net
Subject: RE: [Snort-users] Mysql cleanup script?

On a similar subject, Over time, even with deleting old alerts, the DB
itself grows. What's the best way to "shrink" it, so that it takes up less
space on disk?

I thought Roman had posted something like this, but I can't seem to find it.
Or, perhaps I imagined it.

Regards

> -----Original Message-----
> From: Nathan Whitehouse [mailto:nwhitehousecompendiumusa.net]
> Sent: Monday, November 04, 2002 9:04 AM
> To: snort-userslists.sourceforge.net
> Subject: [Snort-users] Mysql cleanup script?
>
>
> Dose anyone have a Mysql cleanup script?
> Something I can run once a week or month to clean out my
> Mysql database for
> snort alerts.
>
> Thanks
>
> Nathan Whitehouse
> Network Operations & Systems Administrator
> CompEndium Services Inc.
> Main 877-709-2667
> Local 678-985-5678
> Direct 770-822-6697
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.408 / Virus Database: 230 - Release Date: 10/24/2002
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ApacheCon, November 18-21 in
> Las Vegas (supported by COMDEX), the only Apache event to be
> fully supported by the ASF. http://www.apachecon.com
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]