[Snort-users] Archive Database in ACID

Herve Debar herve.debar at ...7137...
Fri Jan 24 06:38:29 EST 2003


Counselman, Chris Contractor/Sverdrup wrote:
> I am running RedHat 8.0, snort 1.9.0, and ACID .9.6b22 logging to a
> mysql database.
> I have two acid directories, one to connect to the alert database and
> one to connect to the archive database.
>  
> I am trying to move current alerts to the archive database. I set up
> everything and can move or copy alerts to the archive database once and
> then view those alerts. When I try to move or copy alerts again it says
> successful move to the archive but when I go to the archive instance of
> ACID, the main screen actually updates the TCP/ICMP/UDP graphs to
> reflect the extra data but I cannot see the data anywhere else. It does
> not say new alerts added and the new alerts do not show up anywhere
> but the graph.

There is another problem, where sensor data is not copied to the 
archive DB. I have a fix for this, that I need to push to the acid 
developers.

Hervé
-- 
Hervé Debar             <mailto:herve.debar at ...7137...>
Tel: +33 (0)2 31 75 92 61            GSM: +33 (0)6 74 09 09 66
France Télécom R&D                   Fax: +33 (0)2 31 75 93 13
42 rue des Coutures  (--)  BP 6243  (--)  F-14066 Caen Cedex 4




