sguil-db-purge needs to purge history table as well #406

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 4 comments

sguil-db-purge needs to purge history table as well

Original issue reported on code.google.com by doug.bu...@gmail.com on 31 Oct 2013 at 2:45


GoogleCodeExporter Mar 24, 2015

https://groups.google.com/d/topic/security-onion/qcDgy0Meh5M/discussion

As a band-aid, I added the following code to the beginning of the cleanup() 
function in the sguil-db-purge script:

        /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "DELETE FROM history WHERE timestamp < DATE_SUB(NOW(), INTERVAL 90 DAY);" -D $DATABASE

This should keep a rolling 90-day history and speed up any upgrades/maintenance.

Original comment by doug.bu...@gmail.com on 31 Oct 2013 at 2:45

GoogleCodeExporter Mar 24, 2015

Added the following:

        /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "DELETE FROM history WHERE timestamp < DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY);" -D $DATABASE

Original comment by doug.bu...@gmail.com on 9 Jun 2014 at 1:20
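
Added example (not part of the original comment or of the sguil-db-purge script): because `$DAYSTOKEEP` is interpolated straight into the SQL text, one way to guard the purge is to accept only a bounded positive integer before building the statement. The function names and the 3650-day upper bound are assumptions for illustration.

```sh
#!/bin/sh
# Added example: validate the retention value before it becomes SQL text.
# DAYSTOKEEP, the history table and its timestamp column come from the thread;
# valid_days, build_history_purge_sql and the 3650 bound are hypothetical.

# Succeeds only for a plain decimal integer in 1..3650; sets $days on success.
valid_days() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains anything but digits
    esac
    days=${1#"${1%%[!0]*}"}        # drop leading zeros ("090" -> "90")
    # An all-zero value leaves $days empty. INTERVAL 0 DAY would match every
    # row older than NOW(), i.e. the whole table, so it is rejected here.
    [ -n "$days" ] && [ "${#days}" -le 4 ] && [ "$days" -le 3650 ]
}

# Prints the DELETE statement for a validated value, or fails with no output.
build_history_purge_sql() {
    if ! valid_days "$1"; then
        echo "refusing to purge history: invalid DAYSTOKEEP '$1'" >&2
        return 1
    fi
    printf 'DELETE FROM history WHERE timestamp < DATE_SUB(NOW(), INTERVAL %s DAY);' "$days"
}

# Usage inside cleanup(), with the mysql options shown in the thread:
#   sql=$(build_history_purge_sql "$DAYSTOKEEP") &&
#       /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "$sql" -D $DATABASE
```
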

GoogleCodeExporter Mar 24, 2015

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/Wy55RCCpsvc/discussion

Original comment by doug.bu...@gmail.com on 10 Jun 2014 at 11:24

GoogleCodeExporter Mar 24, 2015

Published:
http://blog.securityonion.net/2014/06/new-securityonion-sguil-db-purge.html

Original comment by doug.bu...@gmail.com on 12 Jun 2014 at 9:59

  • Changed state: Verified