[Snort-users] Snort Archive Database Creation Script

Charles Heselton charles.heselton at ...11827...
Sun Aug 1 02:53:26 EDT 2004


On Sat, 31 Jul 2004 08:56:35 -0300, Alejandro Flores
<alejandro.flores at ...11361...> wrote:
>        Hello Charles,
> 
>        A mysql database is a directory where each table is a file. In an ugly
> way, you can stop your mysql, go to your databases directory
> (/var/lib/mysql in redhat/fedora), rename your database (mv snort
> snort-archive), start mysql and recreate the original database. Remember
> to grant privileges to your 'new' database.
>                (I do not recommend you do this!)
> 
>        There's a tool called 'mysqlhotcopy' that I guess will fit your needs.
> It comes with MySQL, so you can check the documentation with: perldoc
> mysqlhotcopy or pointing your browser to:
>        http://dev.mysql.com/doc/mysql/en/mysqlhotcopy.html
> 
> Regards,
> Alejandro Flores
> 
> 
> 
> 
> > Hi all.  Don't know if this question has been asked before.  I wasn't
> > able to find too much on google or the list archive.
> >
> > I would like to be able to archive events picked up by my snort IDSs.
> > Now, I know that ACID has this functionality.  But I also know that
> > you have to have the database backend.  Does anyone know if 1) the DB
> > setup script that comes with the snort package will work for the
> > "snort-archive" db? or 2) if there's a snort-archive db setup script
> > that I missed in the package? or 3) is there a 3rd-party script
> > somewhere out there in userland?  I'm not the most savvy mysql DBA, so it
> > would be non-trivial for me to try to set up the db myself.
> >
> > Any guidance would be appreciated.
> >
> > Thanks.
> 
Thanks.  I'm not usually one for klugy fixes, and this sounds like
one.  No offense.  I got things working nicely by creating the archive
database, then using the 'create_mysql' script that is shipped with
snort to create the tables I needed.  It worked very well.  Thanks for
the advice though.

-- 
Charlie Heselton
Network Security Engineer
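
Added example, not part of the original thread or of the Snort distribution: one way to script the approach described in the reply above (create the archive database, then load the `create_mysql` schema into it) together with the privilege grant mentioned in the quoted message. The schema path, the `snort_archive` name (underscore instead of the hyphen, to avoid identifier quoting), the `acid_archive` account and its privilege set are assumptions, as is a server that accepts `CREATE USER IF NOT EXISTS`.

```shell
#!/usr/bin/env bash
# Added example: build a separate archive database from Snort's create_mysql schema.
# Assumed names (not from the thread): SCHEMA path, ARCHIVE_USER, ARCHIVE_PASS, MYSQL_CMD.

SCHEMA="${SCHEMA:-./create_mysql}"            # assumed location of the script shipped with Snort
ARCHIVE_DB="${ARCHIVE_DB:-snort_archive}"     # underscore form of the "snort-archive" name
ARCHIVE_USER="${ARCHIVE_USER:-acid_archive}"  # hypothetical account for the archive front end
MYSQL_CMD="${MYSQL_CMD:-mysql}"               # admin credentials expected in ~/.my.cnf

# Accept only plain identifiers so a value cannot break out of the SQL below.
valid_ident() {
  case "$1" in
    ''|*[!A-Za-z0-9_]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Emit the SQL that creates the database and an account limited to it.
archive_sql() {
  db=$1 user=$2 pass=$3
  valid_ident "$db" && valid_ident "$user" || { echo "bad identifier" >&2; return 1; }
  case "$pass" in
    *"'"*|*"\\"*) echo "password must not contain a quote or backslash" >&2; return 1 ;;
  esac
  cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$db\`;
CREATE USER IF NOT EXISTS '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$db\`.* TO '$user'@'localhost';
EOF
}

# Create the database, load the Snort schema into it, then confirm a core table exists.
create_archive() {
  [ -r "$SCHEMA" ] || { echo "schema not found: $SCHEMA" >&2; return 1; }
  archive_sql "$ARCHIVE_DB" "$ARCHIVE_USER" "$ARCHIVE_PASS" | $MYSQL_CMD || return 1
  $MYSQL_CMD "$ARCHIVE_DB" < "$SCHEMA" || return 1
  $MYSQL_CMD -N -e "SHOW TABLES LIKE 'event'" "$ARCHIVE_DB" | grep -qx event
}

# Touch the server only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
  : "${ARCHIVE_PASS:?set ARCHIVE_PASS first}"
  create_archive
fi
```

Run it with `--apply` on the database host; the grant is scoped to the archive database only, so the account cannot read or modify the live `snort` database.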



