I was trying to optimize the data table in the snort database and
data.MYI got corrupted. During the optimization I ran out of disk space.
I never initialized BASE for snort_archive. Consequently, I have no
acid_event table in snort_archive and I am not sure how long
it would take to build one. The sensors send alerts to snort and
snort_archive at the same time. I need to find the portion of
10 packets in data.data_payload. I have the cids from snort. I was
wondering if cids in snort_archive would be the same?
Then I could use those cids to find the data_payload in snort_archive.
I will make a copy of data.MYD and run:
1. shell> mysql snort
2. mysql> SET AUTOCOMMIT=1;
3. mysql> TRUNCATE TABLE data;
4. mysql> quit
5. Copy the old data file back onto the newly created data file.
(Do not just move the old file back onto the new file. You want to
retain a copy in case something goes wrong.)
Go back to Stage 2. myisamchk -r -q should work. (This should not be an
Feature request: Delete does not work very well for large files in
MySQL. Instead of creating two databases,
Snort could create a new set of tables with the prefix of the year-month;
then after a retention period the tables could be dropped,
making management of the database more hands off.