[Snort-users] ACID 1.0 RC1 - Archive Problem

Chris chris at ...9206...
Fri May 16 13:18:12 EDT 2003

Naturally I solved my own problem after finally asking for help. For
anyone else that has this issue, I just needed to recreate the same
database structure in the "snort_archive" db as I already had in the
"snort" db.


This includes both the MySQL and Acid db structures.


As soon as I did that, it started working cleanly. As I started reading
over my e-mail again, I realized that I *thwack* had never tried that.


The commands for those searching the mailing list, assuming mysql, are
below. Change your username, database name, install directories, etc. to
fit your own situation.


# Start
cd ~/snort-2.0.0
mysql -D snort_archive -u snortuser -p < ./contrib/create_mysql
cd ~/acid
mysql -D snort_archive -u snortuser -p < create_acid_tbls_mysql.sql
# End





-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Chris
Sent: Friday, May 16, 2003 2:55 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] ACID 1.0 RC1 - Archive Problem




I have Snort, Acid, and SnortCenter all running without a problem, with
one exception. I've read through the FAQs, manuals, and searched
through several mailing list archives, but I'm just not finding anything
that documents anything about the archive feature. I have tried hacking
around with it, but I'm not getting anywhere. I really appreciate any
help that you may give me.


I have Snort logging into a MySQL database "snort", which Acid is using
for its main database. The archive database is "snort_archive". The
same user is configured with the same password for both databases, and
the "snort" database works without any problem that I can tell. The
"snort_archive" database contains no tables or records. My snort user
also has the same grants on each database.


When I am in Acid, and I select alerts to archive (move), I receive the
following error:


Fatal error: Call to a member function on a non-object in
/var/www/html/acid/acid_db.inc on line 93


Relevant lines from /var/www/html/acid/acid_db.inc:


84:     $sql = "SELECT vseq FROM schema";
85:     if ($this->DB_type == "mssql") $sql = "SELECT vseq FROM
86:     $result = $this->DB->Execute($sql);
87:     if ( $this->acidErrorMessage != "" )
88:        $this->version = 0;
89:     else
90:     {
91:       $myrow = $result->fields;
92:        $this->version = $myrow[0];
93:        $result->Close();


The only file I have modified in the acid distribution is acid_conf.php,
relevant options (sanitized) below:


$DBlib_path = "/var/www/html/adodb";
$DBtype = "mysql";
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "snortuser";
$alert_password = "snortuserpassword";
$archive_dbname   = "snort_archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "snortuser";
$archive_password = "snortuserpassword";
$db_connect_method = 1;
$use_referential_integrity = 0;
$ChartLib_path = "/var/www/html/phplot-4.4.6";
$debug_mode = 0;
$debug_time_mode = 1;
$html_no_cache = 1;
$sql_trace_mode = 0;
$sql_trace_file = "";
$portscan_file = "/var/log/snort";


Everything was installed from scratch, no upgrades. All relevant
libraries are installed, no compilation or configuration errors were




RedHat Linux 7.3
snort 2.0.0
snortcenter 1.0 RC1
snortcenter-agent 1.0 RC1
acid 0.9.6 beta 23
adodb 3.40
mysql 3.23.56
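
A pre-archive check for the fix described at the top of this message (the archive database needs the same Snort and ACID tables as the alert database). This is an added example, not part of the original post and not ACID code. The function names, the sample table lists and the use of ~/.my.cnf for credentials are assumptions.

```shell
#!/bin/sh
# Added example: find tables the alert DB has that the archive DB lacks.
# Usage against live databases (assumes credentials in ~/.my.cnf):
#   check_archive_schema "$(list_tables snort)" "$(list_tables snort_archive)"

# Print one table name per line for database $1 (hypothetical wrapper).
list_tables() {
    mysql -N -B -D "$1" -e 'SHOW TABLES'
}

# Print names from list $1 that are absent from list $2.
# Both lists are newline-separated; blank lines are ignored.
missing_tables() {
    a=$(mktemp) b=$(mktemp)
    printf '%s\n' "$1" | sed '/^$/d' | LC_ALL=C sort -u > "$a"
    printf '%s\n' "$2" | sed '/^$/d' | LC_ALL=C sort -u > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Return 0 when the archive list covers the alert list, 1 otherwise.
check_archive_schema() {
    missing=$(missing_tables "$1" "$2")
    if [ -n "$missing" ]; then
        echo "archive DB is missing tables:" >&2
        echo "$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a subset of table names, not a dump from the
# poster's system.
SAMPLE_ALERT='event
signature
sensor
schema
acid_event
acid_ag'

# Constructed sample: archive DB after loading only create_mysql,
# before create_acid_tbls_mysql.sql has been loaded.
SAMPLE_PARTIAL='event
signature
sensor
schema'
```

An empty archive list reports every alert table as missing, which is the state described in the original message below the fix.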