[Snort-users] Snort Archive Database Creation Script

Alejandro Flores alejandro.flores at ...11361...
Sat Jul 31 04:58:03 EDT 2004

	Hello Charles,

	A MySQL database is a directory where each table is a file. In an ugly
way, you can stop your mysql, go to your databases directory
(/var/lib/mysql in Red Hat/Fedora), rename your database (mv snort
snort-archive), start mysql and recreate the original database. Remember
to grant privileges to your 'new' database.
		(I do not recommend you do this!)

	There's a tool called 'mysqlhotcopy' that I guess will fit your needs.
It comes with MySQL, so you can check the documentation with: perldoc
mysqlhotcopy or pointing your browser to:

Alejandro Flores

> Hi all.  Don't know if this question has been asked before.  I wasn't
> able to find too much on google or the list archive.
> I would like to be able to archive events picked up by my snort IDSs. 
> Now, I know that ACID has this functionality.  But I also know that
> you have to have the database backend.  Does anyone know if 1) the DB
> setup script that comes with the snort package will work for the
> "snort-archive" db? or 2) if there's a snort-archive db setup script
> that I missed in the package? or 3) is there a 3rd-party script
> somewhere out there in userland?  I'm not the most savvy mysql DBA, so it
> would be non-trivial for me to try to set up the db myself.
> Any guidance would be appreciated.
> Thanks.
