In the case of a sudden and unexpected surge of alerts,
or of the console being left alone for too long without
acknowledging or categorizing alerts, it is common for
both the console and sguild to have trouble processing
data, especially when sguild or sguil.tk are started up.
It would be good if sguild or sguil.tk had an option to
acknowledge all new events so that they could be taken
out of the consoles. Since sguil.tk becomes almost
inoperable during startup when there are too many
active events, including this in sguild as a command
line option would probably be best, or perhaps
including a SQL script with SGUIL that acknowledged all
Currently, the only option is to shut down the console
and sguild, log in to mysql with privileges to update
the event table, and run the following:
update event set last_updated = now(), status = 1 where status = 0;
Then start up sguild and the console again.
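The same workaround with a before-and-after row count so the operator can confirm what the bulk acknowledge touched. This is an added example, not part of the original post; it uses only the table and columns the post names, and assumes the status values the post implies (0 = new, 1 = acknowledged).

```sql
-- Added example (not from the original post). Run with sguild and the
-- console stopped, as a user with UPDATE on the event table.
-- Assumption: the event table uses a transactional engine (e.g. InnoDB);
-- on MyISAM the START TRANSACTION/COMMIT lines are no-ops and the
-- UPDATE takes effect immediately.

START TRANSACTION;

-- How many events the console would otherwise have to load as "new".
SELECT COUNT(*) AS pending_before
  FROM event
 WHERE status = 0;

-- Bulk acknowledge: same statement as the post, 0 (new) -> 1 (acknowledged).
UPDATE event
   SET last_updated = NOW(),
       status = 1
 WHERE status = 0;

-- Sanity check before committing: should report 0.
SELECT COUNT(*) AS pending_after
  FROM event
 WHERE status = 0;

COMMIT;
```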