Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Your code has a lot of regularity, but you're not exploiting that. You can reduce a lot of potential maintenance headaches by doing so. I'd rewrite it as follows. 

use strict;
use DBI;

# Check arguments first
if (@ARGV != 2)
{
    die "Need exactly two args, got ", scalar(@ARGV), "\n";
}

# Set up all our SQL
my $time_sql =
    'select sid, cid from acid_event where timestamp between ? and ?';

my @tab_sql;
foreach (qw(event iphdr tcphdr udphdr icmphdr
        opt data acid_ag_alert acid_event))
{
    push @tab_sql =>
    "delete from $_ where "
    . ($_ eq 'acid_ag_alert'             # this one's different
        ? 'ag_sid = ? and ag_cid = ?'
        : 'sid = ?    and cid = ?');
}

# Connect to the database
my $db = DBI->connect(qw(dbi:mysql:snort acid_user secret))
    or die "Can't connect: $DBI::errstr\n";

# Get outer level data
my ($outer_sth, $inner_sth);
my ($sid, $cid);

eval {
    $outer_sth = $db->prepare($time_sql);
    $outer_sth->execute(@ARGV);
    $outer_sth->bind_columns(undef, \$sid, \$cid);
};

die $@ if $@;

# Loop for each row of data
while ($outer_sth->fetch())
{
    foreach (@tab_sql)
    {
    eval {
        $inner_sth = $db->prepare($_);
        $inner_sth->execute($sid, $cid);
        $inner_sth->finish();            # not really necessary
    };
    die $@ if $@;
    }
}

$outer_sth->finish();         # not really necessary

[download]
The whole trick, if you can call it that, is to notice that all your SQL statements vary in the table name, and only once in the column name. It's gravy after that.

Note, I've only tested this to a limited extent since I don't have snort.

In reply to Re: Cleanup ALerts in Snort/ACID Mysql DB by VSarkiss
in thread Cleanup ALerts in Snort/ACID Mysql DB by draper7

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others perusing the Monastery: (3)
As of 2024-04-19 19:44 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found