[Snort-users] ACID And MYSQL

John Ceballos-contr John.Ceballos-contr at ...9411...
Mon Jun 9 14:03:17 EDT 2003


OK. Thanks Paul!

My webpage is made with ColdFusion and I can't see why I am not getting the proper info unless I log into the ACID interface. My webpage also queries the database directly. This webpage doesn't have to do anything with ACID. Anybody know if there is something I am missing when I made this page with ColdFusion? Thanks!

>>> "Schmehl, Paul L" <pauls at ...6838...> 06/09/03 04:55PM >>>
ACID requires the addition of four acid-specific tables to the default
install of mysql.  Those four tables are "filled" by ACID (by querying
the snort tables) whenever you load or refresh the ACID webpage in your
browser.  You can delete all the data that are in those tables and ACID
will "refill" them the next time you refresh your browser.

The mysql database is being written to constantly by snort.  The data
are entered into the tables in snort that are created using the
create_mysql script that comes with the default install tarball.  ACID
takes the data that are in those tables and uses them to build its own,
completely separate tables so it can display the data in ACID's format.

We have created a php page that queries the snort tables directly and
returns "most frequent hits" for a configurable number of hits and a
configurable time frame.  It doesn't require the use of ACID at all.

I also query the db directly whenever I need to get some info that ACID
won't give me.  It's completely possible to build your own frontend that
doesn't require the ACID tables at all.  All the data are in the snort
tables.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

-----Original Message-----
From: John Ceballos-contr [mailto:John.Ceballos-contr at ...9411...] 
Sent: Monday, June 09, 2003 2:33 PM
To: snort-users at lists.sourceforge.net 
Subject: [Snort-users] ACID And MYSQL


Hello all!

First, I was hoping if somebody can either explain to me or point to me
in the right direction as to how ACID and MYSQL work. The mechanics
really. I get the distinct impression that the database is not written
to until somebody logs into ACID. Am I wrong on this? If so, please
correct me.

Second, has anybody done a webpage where it queries the MYSQL database
but it doesn't return the right information until you log into ACID? IF
so, how did you fix it where you don't have to log into ACID to return
the correct info? Thanks all for your help!





More information about the Snort-users mailing list