[Snort-users] HOW TO archive alerts using ACID on a different DB???

Bruno Sicchieri bsicchieri at ...125...
Mon Dec 9 08:51:29 EST 2002


Hi,

I'm trying to archive alerts on a different db (not my current db for ACID)
with no success!

My system is:
RedHat 7.3
Snort 1.8.7
MySQL 3.23.52-1
ACID 0.9.6b21

ACID is currently archiving alerts on db "snort" using
the user "snort".

I want to archive all alerts from November on db
"snort_nov", so I created the db "snort_nov" and
created the same schema as "snort" using the
create_mysql script.
Then I connected to the "snort_nov" db and did this:

mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_nov.* to snort;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort_nov.* to snort at ...274...;
mysql> flush privileges;
mysql> exit;

Then I updated the $archive_dbname, $archive_host,
$archive_user, $archive_password, $archive_port
variables in the ACID configuration file acid_conf.php
to reference the archive database "snort_nov".

So I ran the query which contains the alerts to be
archived (all alerts from November). At the bottom of
the query results, in the 'Action' box, no matter if I
choose "Archive -- copy" or "Archive -- move" or the
other 'Action' buttons (Selected, ALL on Screen or
Entire Query), I get this:

-----------------------------
Added 0 alert(s) to the Alert cache

Ignored 50 duplicate alert(s)

No alerts were selected or the ARCHIVE-move was not
successful
------------------------------

PS.: I tested all combinations with no success.
The text-box following the combo-box was left blank.

Could anyone help me, please???

Thanks, Bruno.


