[Snort-users] Snort Archive Database Creation Script
charles.heselton at ...11827...
Sun Aug 1 02:53:26 EDT 2004
On Sat, 31 Jul 2004 08:56:35 -0300, Alejandro Flores
<alejandro.flores at ...11361...> wrote:
> Hello Charles,
> A mysql database is a directory where each table is a file. In an ugly
> way, you can stop your mysql, go to your databases directory
> (/var/lib/mysql in redhat/fedora), rename your database (mv snort
> snort-archive), start mysql and recreate the original database. Remember
> to grant privileges to your 'new' database.
> (I do not recommend you do this!)
> There's a tool called 'mysqlhotcopy' that I guess will fit your needs.
> It comes with MySQL, so you can check the documentation with: perldoc
> mysqlhotcopy or pointing your browser to:
> Alejandro Flores
> > Hi all. Don't know if this question has been asked before. I wasn't
> > able to find too much on google or the list archive.
> > I would like to be able to archive events picked up by my snort IDSs.
> > Now, I know that ACID has this functionality. But I also know that
> > you have to have the database backend. Does anyone know if 1) the DB
> > setup script that comes with the snort package will work for the
> > "snort-archive" db? or 2) if there's a snort-archive db setup script
> > that I missed in the package? or 3) is there a 3rd-party script
> > somewhere out there in userland? I'm not the most savvy mysql DBA, so it
> > would be non-trivial for me to try to set up the db myself.
> > Any guidance would be appreciated.
> > Thanks.
Thanks. I'm not usually one for klugy fixes, and this sounds like
one. No offense. I got things working nicely by creating the archive
database, then using the 'create_mysql' script that is shipped with
snort to create the tables I needed. It worked very well. Thanks for
the advice though.
Network Security Engineer