[Snort-users] Database Archival

Susan Kay Coulter skc at ...440...
Mon Oct 15 15:20:09 EDT 2001


I build those static tables with the create script for my archive database.
I don't archive the flags or protocol tables either.  Those are also built with
static definitions in the create script.  
Doesn't mean you can't add them to your version of the scripts if you feel more
comfortable that way.


> Hello,
> 
> I have a quick question. I am not very familiar with mysql never mind trying to
> archive data off to another
> mysql DB. So here goes. I have copies of Susan Kay Coulter's Perl scripts, but
> they appear to only archive the
> following tables.
> 
> acid_ag
> acid_ag_alert
> acid_ip_cache
> reference
> reference_system
> schema
> sensor
> sig_reference
> signature
> iphdr
> tcphdr
> udphdr
> icmphdr
> data
> opt
> acid_event
> 
> The following tables are not read from.
> 
> detail
> encoding
> sig_class
> 
> Shouldn't the data in these tables be archived as well? Thanks!
> 
> vjl
> 
> 
> 
> Susan Kay Coulter wrote:
> 
> > There is a glitch in mysql.  The user that attempts the archive using the
> > 'outfile' option must have FILE privileges in the user table.  The GRANT
> > command, which is usually used to grant privileges, does not successfully put a
> > Y in the column for file privileges in the user table.  I was forced to
> > manually update the table and place a Y in the file privileges column.
> > (Then you must run the FLUSH privileges command.)
> >
> > I did not mention this in my earlier post - because I was not sure if it was
> > specific to my installation of mysql.  Apparently (since you are not the first
> > person to ask about this) it is a problem with mysql.
> >
> > On Mon, 15 Oct 2001, you wrote:
> > >
> > > Hi Susan,
> > >
> > > I am trying to use your script, but I have run into a strange problem.
> > > Here is the error I am getting.
> > >
> > > srems# ./archive.pl
> > > DBD::mysql::st execute failed: Can't create/write to file
> > > '/vol1/mysql/archive/event.arc' (Errcode: 13) at ./archive.pl line 186.
> > > DBD::mysql::st execute failed: Can't create/write to file
> > > '/vol1/mysql/archive/event.arc' (Errcode: 13) at ./archive.pl line 186.
> > >
> > >
> > > I can't figure out why it is complaining about this? Any ideas? Thanks!
> > >
> > > vjl
> > >
> > > --
> > >  V.Jay LaRosa                           EMC Corporation
> > >  Systems Administrator                  171 South Street
> > >  (508)435-1000 ext 14957                Hopkinton, MA 01748
> > >  (508)497-8082 fax                      www.emc.com
> > >
> > >
> > >
> >
> > --
> > Susan Coulter
> > Network Security Team
> > CCN-5 Network Engineering
> > Los Alamos National Laboratory
> > voice: (505) 667-8425
> > fax:   (505) 665-7793
> 
> --
>  V.Jay LaRosa                           EMC Corporation
>  Systems Administrator                  171 South Street
>  (508)435-1000 ext 14957                Hopkinton, MA 01748
>  (508)497-8082 fax                      www.emc.com
> 
> 
> 

-- 
Susan Coulter
Network Security Team
CCN-5 Network Engineering
Los Alamos National Laboratory
voice: (505) 667-8425
fax:   (505) 665-7793
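
The FILE privilege requirement discussed in the quoted message, as an added example that is not part of the original thread or of the archive scripts. It assumes a current MySQL server, a database named snort, and a hypothetical account snort_archive@localhost; the output path is the one from the quoted error.

```sql
-- Added example. Assumptions: database `snort`, hypothetical account
-- 'snort_archive'@'localhost', placeholder password.

-- Dedicated archive account: read-only on the Snort schema.
CREATE USER 'snort_archive'@'localhost' IDENTIFIED BY 'CHANGE_ME';
GRANT SELECT ON snort.* TO 'snort_archive'@'localhost';

-- FILE is a global privilege, so it is granted at global scope (ON *.*),
-- not on a single database.
GRANT FILE ON *.* TO 'snort_archive'@'localhost';

-- Verify what the account actually holds. File_priv is the Y/N column
-- in the user table that the quoted message refers to.
SELECT User, Host, File_priv
  FROM mysql.user
 WHERE User = 'snort_archive';
SHOW GRANTS FOR 'snort_archive'@'localhost';

-- FILE lets the account read and write any file the server process can
-- reach, so check whether the server confines such operations to one
-- directory. An empty value means no restriction.
SHOW VARIABLES LIKE 'secure_file_priv';

-- The export itself. The file is written by the mysqld process on the
-- server host, not by the client, so:
--   * the target directory must be writable by the OS user running mysqld
--     (Errcode 13 is the OS "Permission denied" error);
--   * the target file must not already exist, INTO OUTFILE will not
--     overwrite it.
SELECT *
  FROM snort.`event`
  INTO OUTFILE '/vol1/mysql/archive/event.arc';
```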



