[Snort-users] ACID And MYSQL
Schmehl, Paul L
pauls at ...6838...
Mon Jun 9 13:56:13 EDT 2003
ACID requires the addition of four acid-specific tables to the default
install of mysql. Those four tables are "filled" by ACID (by querying
the snort tables) whenever you load or refresh the ACID webpage in your
browser. You can delete all the data that are in those tables and ACID
will "refill" them the next time you refresh your browser.

The mysql database is being written to constantly by snort. The data
are entered into the tables in snort that are created using the
create_mysql script that comes with the default install tarball. ACID
takes the data that are in those tables and uses them to build its own,
completely separate tables so it can display the data in ACID's format.

We have created a php page that queries the snort tables directly and
returns "most frequent hits" for a configurable number of hits and a
configurable time frame. It doesn't require the use of ACID at all.

I also query the db directly whenever I need to get some info that ACID
won't give me. It's completely possible to build your own frontend that
doesn't require the ACID tables at all. All the data are in the snort

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

From: John Ceballos-contr [mailto:John.Ceballos-contr at ...9411...]
Sent: Monday, June 09, 2003 2:33 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] ACID And MYSQL

First, I was hoping if somebody can either explain to me or point me
in the right direction as to how ACID and MYSQL work. The mechanics
really. I get the distinct impression that the database is not written
to until somebody logs into ACID. Am I wrong on this? If so, please

Second, has anybody done a webpage where it queries the MYSQL database
but it doesn't return the right information until you log into ACID? If
so, how did you fix it where you don't have to log into ACID to return
the correct info? Thanks all for your help!
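
The reply above describes a page that reads "most frequent hits" straight from the snort tables for a configurable count and time frame. The following is an added example of such a query, not code from the post or from ACID. It assumes the `event` and `signature` tables and columns created by the create_mysql script, uses an in-memory SQLite database with constructed sample rows in place of MySQL, and the function names are hypothetical.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed, reduced subset of the Snort schema (SQLite stands in for MySQL):
# only the columns this query needs from the `event` and `signature` tables.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
"""

# Reads the Snort tables only; none of the ACID-specific tables are involved.
TOP_HITS = """
SELECT s.sig_name, COUNT(*) AS hits, MAX(e.timestamp) AS last_seen
FROM event e JOIN signature s ON s.sig_id = e.signature
WHERE e.timestamp >= ?
GROUP BY s.sig_id, s.sig_name
ORDER BY hits DESC, s.sig_name
LIMIT ?
"""

def most_frequent_hits(conn, now, hours, limit):
    """Return (sig_name, hits, last_seen) for the top `limit` signatures in the last `hours`."""
    hours, limit = int(hours), int(limit)      # rejects non-numeric form input
    if not (1 <= hours <= 744 and 1 <= limit <= 100):
        raise ValueError("hours or limit out of range")
    since = (now - timedelta(hours=hours)).strftime("%Y-%m-%d %H:%M:%S")
    return conn.execute(TOP_HITS, (since, limit)).fetchall()   # values bound, not concatenated

def build_sample_db():
    """In-memory database filled with constructed sample alerts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature VALUES (?, ?)",
                     [(1, "ICMP PING NMAP"), (2, "SCAN SYN FIN"), (3, "WEB-IIS cmd.exe access")])
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 1, 1, "2003-06-09 13:50:00"), (1, 2, 1, "2003-06-09 13:10:00"),
        (1, 3, 2, "2003-06-09 12:30:00"), (1, 4, 1, "2003-06-09 09:00:00"),
        (1, 5, 3, "2003-06-08 22:00:00"), (1, 6, 2, "2003-06-09 13:55:00"),
    ])
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    for row in most_frequent_hits(db, datetime(2003, 6, 9, 14, 0, 0), hours=6, limit=2):
        print(row)
```

Because the hit count and time frame reach the query as bound parameters after an integer range check, values typed into the page's form cannot alter the SQL.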