[Snort-users] manual access to ACID databases

Susan Kay Coulter skc at ...440...
Wed Oct 10 14:27:11 EDT 2001



Oh yeah -- as for the IP thing. Definitely doable. Use the archive.pl I sent
and change the driver table to iphdr (instead of event).

On another note ... the number of columns defined in archive.pl may not be
correct for everyone.  I made manual changes to move from schema version 102 to
103 (which is where I'm at now) -- and I did not drop the columns that are no
longer used in 103 because I did not want to lose the old data.  Might want to
verify the column count.

> 
> Does anyone have a script to extract all entries for a particular IP
> address from a MySQL database?  I would like to stop logging to the
> snort.log file too, as this probably adds some load and gets erased every
> time I stop and start snort after a config change.  I hate logging the same
> thing to 3 places, 2 is bad enough.
> 
> Steve Rudolph CCSA, CCSE
> J. Walter Thompson
> World Wide IT

-- 
Susan Coulter
Network Security Team
CCN-5 Network Engineering
Los Alamos National Laboratory
voice: (505) 667-8425
fax:   (505) 665-7793
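
An added example, not part of the original message and not the archive.pl it mentions: pulling every event for one IP address by driving the query from iphdr and joining back to event. Assumptions: the column names (sid, cid, ip_src, ip_dst, timestamp, signature) follow the stock Snort database schema with addresses stored as 32-bit integers, an in-memory SQLite database stands in for MySQL, and the rows are constructed. Columns are selected by name, so the result does not depend on how many columns a given schema version has.

```python
import ipaddress
import sqlite3

# Constructed stand-in for the Snort/ACID database: only the columns used here.
SCHEMA = """
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                    ip_proto INTEGER, PRIMARY KEY (sid, cid));
"""

def ip_to_int(addr):
    """Convert dotted-quad IPv4 to the integer form stored in ip_src/ip_dst."""
    return int(ipaddress.IPv4Address(addr))

def int_to_ip(value):
    return str(ipaddress.IPv4Address(value))

def build_sample_db():
    """Create the in-memory database and load constructed sample alerts."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    rows = [  # (sid, cid, signature, timestamp, src, dst, proto), all constructed
        (1, 1, 10, "2001-10-10 14:00:01", "192.0.2.10", "198.51.100.5", 6),
        (1, 2, 11, "2001-10-10 14:05:42", "203.0.113.7", "192.0.2.10", 17),
        (1, 3, 10, "2001-10-10 14:09:13", "203.0.113.7", "198.51.100.5", 6),
        (2, 1, 12, "2001-10-10 14:02:30", "192.0.2.10", "203.0.113.7", 1),
    ]
    for sid, cid, sig, ts, src, dst, proto in rows:
        db.execute("INSERT INTO event VALUES (?,?,?,?)", (sid, cid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (?,?,?,?,?)",
                   (sid, cid, ip_to_int(src), ip_to_int(dst), proto))
    return db

def events_for_ip(db, addr):
    """Return events where addr is source or destination, oldest first."""
    n = ip_to_int(addr)  # also rejects malformed input before it reaches SQL
    cur = db.execute(
        "SELECT i.sid, i.cid, e.timestamp, e.signature, i.ip_src, i.ip_dst "
        "FROM iphdr AS i JOIN event AS e ON e.sid = i.sid AND e.cid = i.cid "
        "WHERE i.ip_src = ? OR i.ip_dst = ? ORDER BY e.timestamp", (n, n))
    return [(sid, cid, ts, sig, int_to_ip(s), int_to_ip(d))
            for sid, cid, ts, sig, s, d in cur]

if __name__ == "__main__":
    for row in events_for_ip(build_sample_db(), "192.0.2.10"):
        print(row)
```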

