#!/usr/bin/perl -w
#----------------------------------------
# name: snort_db_cleanup.pl
# description: script to cleanup snort/acid db (only tested w/mysql)
# goal: allows you to schedule db cleanup without using php frontend
# usage: snort_db_cleanup.pl "StartDate" "EndDate"
#----------------------------------------
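use strict;
use warnings;
use DBI;

print("Script Started ...\n");

# Connection settings.  The literal defaults preserve the original behaviour;
# the SNORT_DB_* environment variables (names chosen by this script, not part
# of ACID/Snort) let a scheduler supply credentials without editing the file.
# In production, prefer a config file readable only by the scheduling user.
my $ds      = "dbi:mysql:snort";
my $db_user = exists $ENV{SNORT_DB_USER} ? $ENV{SNORT_DB_USER} : "idsuser";
my $db_pass = exists $ENV{SNORT_DB_PASS} ? $ENV{SNORT_DB_PASS} : "idspasswd";

# Both timestamps are required.  The original chomp'd an undef argument
# silently and then ran the select with an empty bound.
my ($start, $finish) = @ARGV;
die "usage: $0 \"StartDate\" \"EndDate\"\n"
    unless defined $start and defined $finish;
chomp $start;
chomp $finish;
die "usage: $0 \"StartDate\" \"EndDate\"\n"
    unless length $start and length $finish;

# RaiseError: a failed prepare/execute aborts the run instead of being
# reported and ignored, so a half-deleted event (orphaned header/payload
# rows) does not go unnoticed.
my $db = DBI->connect($ds, $db_user, $db_pass,
    { RaiseError => 1, PrintError => 0 })
    or die $DBI::errstr;

# Table name => (sid column, cid column).  Every row belonging to an event is
# keyed by the same (sid, cid) pair; acid_ag_alert uses prefixed column names.
my @tables = (
    [ 'event',         'sid',    'cid'    ],
    [ 'iphdr',         'sid',    'cid'    ],
    [ 'tcphdr',        'sid',    'cid'    ],
    [ 'udphdr',        'sid',    'cid'    ],
    [ 'icmphdr',       'sid',    'cid'    ],
    [ 'opt',           'sid',    'cid'    ],
    [ 'data',          'sid',    'cid'    ],
    [ 'acid_ag_alert', 'ag_sid', 'ag_cid' ],
    [ 'acid_event',    'sid',    'cid'    ],
);

# Prepare each delete once, with bound parameters, outside the per-event loop
# (the original re-prepared nine statements per event).  Table and column
# names come only from the fixed list above, never from input.
my @deletes = map {
    my ($table, $sid_col, $cid_col) = @$_;
    $db->prepare("delete from $table where $sid_col = ? and $cid_col = ?");
} @tables;

# The date bounds come from the command line and are passed as bind values
# rather than being interpolated into the SQL text.
my $select = $db->prepare(
    "select sid,cid from event where timestamp >= ? and timestamp <= ?"
);
$select->execute($start, $finish);

# Same deletion order as the original: event row first, then the per-protocol
# and ACID rows that hang off it.
while (my ($sid, $cid) = $select->fetchrow_array) {
    for my $sth (@deletes) {
        $sth->execute($sid, $cid);
    }
}
$select->finish;
$_->finish for @deletes;
$db->disconnect;

print("\n Script Execution Completed ..\n");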