[Snort-users] accessing archived data

John Ruff jruff at ...2053...
Sun Oct 7 07:31:02 EDT 2001


I am currently using the dual-directory setup to access my archived database. However,
I've run into a little problem with this setup. Because the alerts
are being logged into the 'active DB', only the ACID tables in the
'active DB' are being updated. Then, when you archive events to your
'archive DB', the entries in the 'active DB's' ACID tables are not
archived (moved or copied) as well. Therefore, when you go to display the
stats for your 'archive DB' via ACID, the counts are not updated. You
have to manually delete the ACID tables, then hit the
'acid_archive/index.html' page to have the tables recreated and the
'archive DB' parsed again. Then the counts are correct.

Does anyone have a solution that will allow the related ACID table
events to be archived to the 'archive DB' when doing a move or copy from
the 'active DB'?

Best Regards,
John

> 
> Creating another instance of ACID in another directory is the only way
> possible right now to view the archive and live database simultaneously.
> 
> cheers,
> Roman
> 
> > Please forgive what is obviously a newbie question...
> > 
> > I've got snort and ACID running happily and today I started playing with the
> > archive functions under mySQL. I've created the archive database, added its
> > particulars to the acid_conf.php, and apparently successfully moved events
> > from the live db to the archive. Now what is the simplest method of going
> > back to review the archive? I've played with the idea of creating a second
> > acid directory on the web server with a different acid_conf.php, but I was
> > wondering if there is a simpler method that I am missing.
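The manual workaround John describes above (drop ACID's own tables in the archive database, then reload the archive console so it rebuilds them) can be scripted. The following is an added example, not code from the thread or from the ACID or Snort projects. It assumes a MySQL archive database named snort_archive and that ACID was allowed to create its tables there under its default names; both names are assumptions, so check them against your own acid_conf.php before running anything.

```sql
-- Added example: reset ACID's derived tables in the archive database so the
-- console recomputes its counts from the archived Snort events.
-- Assumed database name; substitute the archive DB from your acid_conf.php.
USE snort_archive;

-- Record the raw event count first. The Snort tables (event, signature,
-- iphdr, ...) are the data of record and must not be touched by this script.
SELECT COUNT(*) AS archived_events FROM event;

-- acid_event is ACID's flattened per-alert cache and acid_ip_cache its
-- DNS/whois lookup cache. Both are derived purely from the Snort tables, so
-- dropping them loses nothing; ACID recreates and repopulates them the next
-- time acid_archive/index.html is loaded (assumed default table names).
DROP TABLE IF EXISTS acid_event;
DROP TABLE IF EXISTS acid_ip_cache;

-- acid_ag and acid_ag_alert hold analyst-created alert groups, which are NOT
-- derivable from Snort data. Only drop them if no alert groups have been
-- created in the archive console; otherwise leave them in place.
SELECT COUNT(*) AS alert_groups_in_archive FROM acid_ag;
-- DROP TABLE IF EXISTS acid_ag_alert;
-- DROP TABLE IF EXISTS acid_ag;

-- After reloading acid_archive/index.html, the cache should match the raw
-- event table again; a mismatch means the console has not finished parsing.
SELECT (SELECT COUNT(*) FROM event) AS raw_events,
       (SELECT COUNT(*) FROM acid_event) AS cached_events;
```

Run the first SELECT, then the DROPs, then load the archive console once and re-run the final comparison; only the raw Snort tables are authoritative, so the check is that cached_events catches up to raw_events rather than the other way around.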