Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] BASE/AAnval MySQL dbase management

from [Paul Schmehl] Network Security [Permanent Link]
Subject: Re: [Snort-users] BASE/AAnval MySQL dbase management
Date: Sat, 22 Apr 2006 08:25:16 -0500
--On April 20, 2006 9:59:19 AM -0400 John Hally <JHally@epnet.com> wrote: 

I'm curious as to how people are managing the mysql backend data that
snort reports.  I've been mulling over adding syslog entries to the mix,
but with the amount of denies I see at the borders/firewalls, the
database is going to get unwieldy pretty fast.  Not being a DBA but
knowing enough to get things up and running, is there any 'canned'
scripts out there to help me out? I'm thinking along the lines of
possibly archiving daily/weekly, having the dbase drop entries older than
X, or something to that effect.

I have written a perl script that archives the db based upon your choice of length of time (I use 7 days.) I just completed a php script that allows you to delete all the alerts from a single IP. I'll be releasing it in the near future, after I've done some cleanup and documented it better.

You can find the archive script in the downloads section at http://www.ntsug.org/.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/

Attachment: p7s2RMJuXU0cf.p7s
Description: S/MIME cryptographic signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Snort 2.4.4 on CentOS 4.3 won't listen on ppp0, Randal T. Rioux
Next by Date:  [Snort-users] RE: BASE/AAnval MySQL dbase management, Administration
Previous by Thread:  [Snort-users] BASE/AAnval MySQL dbase management, John Hally
Next by Thread:  RE: [Snort-users] BASE/AAnval MySQL dbase management, Irons, Clarence
Indexes:  [Date] [Thread] [Top] [All Lists]