Re: [Snort-users] Snort, Mysql purging

--=-USkW5a2E2A0LE8fQKEnH
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2003-12-10 at 17:36, Josh Berry wrote:
> I HIGHLY suggest NOT deleting the information. I suggest having a
> secondary archive db that you move stuff like Welchia too when you think
> you don't need it anymore.=20

I guess that all depends on your or your company's policy. You can dump
certain data. I routinely dump the contents of the DATA table for
certain signatures after a period of time. I don't see a reason to keep
the same exact content for, say, the SQL-Slammer in the DB. Other
content (IPHDR and friends) is archived. But certain ballast is dumped.

You need to consider the usefulness of the data. Will you ever go back
to data from IPHDR for an event that occurred a year ago?

Perhaps this thread can evolve into a DB/data retention policy thread.
To yell categorically "yes" or "no' is wrong. The correct answer is
"depends" :)

Cheers,
Frank


--=-USkW5a2E2A0LE8fQKEnH
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQA/17K9po+MRgtrF98RAntEAKDiUMtIhr7y5KU2NbuCU2Y1no/KvgCeKSwG
6jqbxVkgRIBXTJ5YhlorjCE=
=Oh/X
-----END PGP SIGNATURE-----

--=-USkW5a2E2A0LE8fQKEnH--



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users