[Snort-users] Snort DB: move / copy alerts from one DB to another?

Moyer, Shawn SMoyer at ...5894...
Mon Jul 29 13:23:02 EDT 2002


This isn't addressed anywhere I can find, and since I'm not much of a
DBA, I thought I'd ask the list before I try to figure it out on my own.

I've recently moved one of my sensors from a local MySQL DB to a remote one
via stunnel. When I did this, I went ahead and just tar'd up the Snort DB
and scp'd it to the other box, which worked like a charm. 

One snag, tho: the box was rebooted unexpectedly and the old MySQL instance
came up locally on the sensor, with the local MySQL listening on
127.0.0.1:3306, which was the same socket I was using with stunnel, and
since the MySQL init was before the stunnel one, for a few days the sensor
was logging to the local DB instead of to the remote one.

At this point I've got around 1000+ alerts I need to move over from the
local to the remote DB, from approximately 07/23/2002 to 07/29/2002. Can
anyone give me a hand with some SQL to pull this off?




--shawn






