[Snort-users] ACID with 2 archive databases?

Slighter, Tim tslighter at ...5174...
Tue Jan 7 07:22:04 EST 2003

What i have done is this:

I first create the main acid database and define an archive database in the
second section of the acid_conf.php file.  In the second file I use the
archive database as the primary ACID database and then define a second
archive database as the archive for the archive.  does that make sense?  

-----Original Message-----
From: Michael [mailto:snorter at ...158...]
Sent: Tuesday, January 07, 2003 7:31 AM
To: snort-users at ...382...
Subject: [Snort-users] ACID with 2 archive databases?


I'm using Snort 1.9.0 with ACID v0.9.6b22. I created an archive database and
use the ACID function to move the true alerts to the archive. 
All my charts an history comes from the archive database. The false
stay in the snort database, because I don't want to delete them. Sometimes
not shure if an alert is a false positive and sometimes I need to check an
old alert
a second time.
The problem is that we sometimes have more than one person working on the
in the snort database. And that is very difficult with thousands of old
alerts in this
Is it possible to use ACID with a second archive database (archive2) where
we can
move the false positives to? So that we've a snort database with only the
unexamined alerts. We want to move the true alerts to the archive1 database
the false positives to the archive2 databse.
Has anyone done something like this or have a need for it too?

Any ideas?

Thanx for you help,

+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!

This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list