[Snort-users] ACID with 2 archive databases?
snorter at ...158...
Wed Jan 8 03:40:03 EST 2003
That's what I do at the moment. But it would be more practicable to have
only one ACID instance to work with 3 or more databases.
Perhaps this feature will be there in the next version of ACID.
Is it a great deal to insert this feature in ACID? Unfortunately I've no
practical knowledge of programming PHP.
Maybe Roman can answer these questions. ;-)
> Would it be feasible/practical to set up multiple web server instances of
> ACID, each with its own config files to tell it which databases to use?
> Acid instance #1 would point to the main/live db that snort uses, and a
> false-positives database.
> Acid instance #2 would point to the main/live db that snort uses, and a
> 'to be further addressed' database.
> And then possibly a 3rd instance of Acid would have the 'to be further
> addressed' database as its primary.
> It would be a bit confusing to be sure.
> -----Original Message-----
> From: Matías Bevilacqua [mailto:matias at ...7932...]
> Sent: Tuesday, January 07, 2003 10:05 AM
> To: 'Michael'; snort-users at ...382...
> Subject: RE: [Snort-users] ACID with 2 archive databases?
> Well, the need is there for sure; being able to work with "n" databases is
> for sure something nice to have. Not only for your needs, but a typical
> 3-tier (n-tier) inspection of alerts is something nice to have in large
> deployments. I'll be glad to hear of any developments in this area.
> Matías Bevilacqua Trabado
> PGP-ID: 0x3FFD6E18
> PGP Fingerprint: 9FA3 06A1 3CAE 5996 1716 D9DF 3CE7 E88D 3FFD 6E18
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Michael
> > Sent: Tuesday, January 07, 2003 15:31
> > To: snort-users at ...382...
> > Subject: [Snort-users] ACID with 2 archive databases?
> > Hi,
> > I'm using Snort 1.9.0 with ACID v0.9.6b22. I created an
> > archive database and use the ACID function to move the true
> > alerts to the archive.
> > All my charts and history come from the archive database. The
> > false positives stay in the snort database, because I don't
> > want to delete them. Sometimes I'm not sure if an alert is a
> > false positive and sometimes I need to check an old alert a
> > second time. The problem is that we sometimes have more than
> > one person working on the alerts in the snort database. And
> > that is very difficult with thousands of old alerts in this
> > database. Is it possible to use ACID with a second archive
> > database (archive2) where we can move the false positives to?
> > So that we've a snort database with only the new,
> > unexamined alerts. We want to move the true alerts to the
> > archive1 database and the false positives to the archive2
> > database. Has anyone done something like this or have a need
> > for it too?
> > Any ideas?
> > Thanks for your help,
> > Michael