[Snort-users] MySQL & ACID Issues

Slighter, Tim tslighter at ...5174...
Fri Apr 25 11:55:03 EDT 2003


Did you go into mysql and provide "grants" to whatever user has access to
the archive database? And if so, what "grants" were provided?

-----Original Message-----
From: - - [mailto:zerobreak at ...8543...]
Sent: Tuesday, March 11, 2003 9:14 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] MySQL & ACID Issues


My current setup consists of snort logging to mysql, then using acid to view
the logs. Within the web server I have two copies of acid, one configured
for the live snort database, the other is for the archive, making it easier
to move back and forth between both databases.

The problem that just showed up about a week ago is that if I go to move
events from the live database to the archive through acid, Acid says they
have successfully been moved, but when viewing the archived database, they
are not added. The database stays the same size with the same amount of
alerts as before I tried moving any from the live database. They do in fact
disappear from the live database too. So if I go to move any alerts, they
disappear from the live, and never show up in the archive... losing the
events. Also if I check the individual mysql files on the file system, it
shows they have been modified.

Checking the logs of snort, apache, & mysql shows nothing out of the
ordinary. The live database continues to work fine with new events written
to it constantly. In the archive database, I can also delete events, but not
copy or move. I tried deleting the snort_archive database and starting over
from 0 events before trying to restore the backup, this also did not work. I
have a feeling that it's something to do with acid, but I'm not sure. I
tried a freshly untarred copy of acid and adodb, but this also did not work.
My versions are listed below, and any help is greatly appreciated. For now
all I can do is leave all the alerts in the live database. But it's getting
quite cumbersome.


Slackware 8.1
Snort 1.9.0
MySQL 3.23.55
Adodb 3.10
Acid 0.9.6b23

Thanks again,
ZB


