You are going to have to remove rows from a few other tables as well..
Checkout:
http://www.ntsug.org/downloads.html
Jeff
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of
John Newman
Sent: Thursday, May 25, 2006 9:39 AM
To: snort-users@lists.sourceforge.net;
snort-devel@lists.sourceforge.net
Subject: [Snort-users] BASE/snort question
Hello,
I posted this to a BASE list, but I'm looking for feedback
quickly, so I
was wondering if anyone would care to give me a quick sanity check on
this little bitty script I hacked together to, basically, reduce the
size of my snort/BASE database, based on a cutoff date where I want to
delete events. Here is the code - thanks for any feedback!
(obviously
its quite rough, written quite quickly, I'm just trying to
make sure the
idea is sane and that I'm hitting the right tables).
#!/usr/local/bin/perl -w
use DBI;
use Getopt::Std;
$| = 1;
my $verbose = 1;
my @tables = qw(acid_event data event icmphdr iphdr udphdr);
sub initDB($$$$)
{
my ($host,$user,$pass,$db) = @_;
return
DBI->connect("dbi:mysql:database=$db;host=$host", $user, $pass);
}
sub get_cid($$)
{
my($dbh, $date) = @_;
my $sth = $dbh->prepare("SELECT cid from event where
timestamp > '$date' limit 1");
$sth->execute or
die "Unable to grab cid for date $date: $dbh->errstr\n";
return $sth->fetchrow_hashref->{cid};
}
getopt('u:p:h:d:c:', \%opts); # -u dbuser, -p dbpass, -h
dbhost, -d dbname,
# -c
cutoffdate u and d all have obvious
#
defaults, the others need to be specified
$db = length($opts{d}) ? $opts{d} : "snort"; # default to snort
$user = length($opts{u}) ? $opts{u} : "snort"; # default to
snort.. again!
if (!length($opts{p}) or !length($opts{h}) or !length($opts{c})) {
print STDERR "Usage: $0 -u dbuser -p dbpass -h dbhost
-d dbname -c cutoffdate (e.g. 2006-05-15)\n";
exit(1);
}
$pass = $opts{p};
$cutoff = $opts{c};
$host = $opts{h};
my $handle = initDB($host, $user, $pass, $db) or
die("Database error: " . DBI->errstr);
my $cid = &get_cid($handle, $cutoff);
print "Cid = $cid\n" if $verbose;
my $sth;
foreach my $table (@tables) {
$sth = $handle->prepare("DELETE from $table WHERE cid < $cid");
$sth->execute or
die "Unable to execute deletion: $handle->errstr\n";
}
--
John Newman
Systems Administrator, WebXess Inc.
-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost
and Risk!
Fully trained technicians. The highest number of Red Hat
certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&;
dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
