[Snort-users] Snort Archive Database Creation Script

Charles Heselton charles.heselton at ...11827...
Fri Jul 30 19:41:03 EDT 2004


Yup.  Actually I just checked, and that's not exactly what I'm looking
for.  The script that's included with the ACID package creates the
tables necessary for ACID.  What I'm looking for is the snort-archive.
 I don't think this is an ACID-specific db.  I would imagine that the
table setup and such is basically the same as the main snort db.  But
I have no confirmation of that and don't want to go modifying the
"create_mysql.sql" in the snort/contrib directory to create a
snort-archive db.  Does any of this make sense?

On Fri, 30 Jul 2004 19:29:38 -0700, Charles Heselton
<charles.heselton at ...11827...> wrote:
> Thanks for the offer.  I actually have snort/mysql/ACID all
> installed/configured/running.  But I don't have an archive db.  I just
> didn't know if there was a script to create the archive db like there
> is for the main db.  I'll check my ACID package (I'm sure I still have
> it around somewhere ;) and see if there's a script there.  If not,
> I'll shoot you a line.
> 
> THANKS!
> 
> 
> 
> On Fri, 30 Jul 2004 21:24:52 -0500, Thompson, Jimi
> <jimit at ...10836...> wrote:
> > PS:  It's really easy to install.  If you want to install ACID, I have a
> > nice set of HOWTO's that I published a while back that explain exactly
> > how to install and set up everything.  Of course, it's on my favorite
> > OS, FreeBSD and some of the instructions are specific to that OS.  It's
> > got config files and all kinds of goodies.  It's actually written for
> > Windows admins who want to bring up SNORT on a more secure OS.
> >
> > HTH,
> >
> >
> >
> > Jimi
> >
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Charles
> > Heselton
> > Sent: Friday, July 30, 2004 7:52 PM
> > To: snort users
> > Subject: [Snort-users] Snort Archive Database Creation Script
> >
> > Hi all.  Don't know if this question has been asked before.  I wasn't
> > able to find too much on Google or the list archive.
> >
> > I would like to be able to archive events picked up by my snort IDSs.
> > Now, I know that ACID has this functionality.  But I also know that
> > you have to have the database backend.  Does anyone know if 1) the DB
> > setup script that comes with the snort package will work for the
> > "snort-archive" db? or 2) if there's a snort-archive db setup script
> > that I missed in the package? or 3) is there a 3rd-party script
> > somewhere out there in userland?  I'm not the most savvy mysql DBA, so it
> > would be non-trivial for me to try to set up the db myself.
> >
> > Any guidance would be appreciated.
> >
> > Thanks.
> >
> > --
> > Charlie Heselton
> > Network Security Engineer
> >
> 
> --
> Charlie Heselton
> Network Security Engineer
> 


-- 
Charlie Heselton
Network Security Engineer



