[Snort-users] Snort Archive Database Creation Script

Alejandro Flores alejandro.flores at ...11361...
Sat Jul 31 04:58:03 EDT 2004


	Hello Charles,

	A mysql database is a directory where each table is a file. In an ugly
way, you can stop your mysql, go to your databases directory
(/var/lib/mysql in redhat/fedora), rename your database (mv snort
snort-archive), start mysql and recreate the original database. Remember
to grant privileges to your 'new' database.
		(I do not recommend you do this!)

	There's a tool called 'mysqlhotcopy' that I guess will fit your needs.
It comes with MySQL, so you can check the documentation with: perldoc
mysqlhotcopy or pointing your browser to:
	http://dev.mysql.com/doc/mysql/en/mysqlhotcopy.html

Regards,
Alejandro Flores


> Hi all.  Don't know if this question has been asked before.  I wasn't
> able to find too much on google or the list archive.
> 
> I would like to be able to archive events picked up by my snort IDSs. 
> Now, I know that ACID has this functionality.  But I also know that
> you have to have the database backend.  Does anyone know if 1) the DB
> setup script that comes with the snort package will work for the
> "snort-archive" db? or 2) if there's a snort-archive db setup script
> that I missed in the package? or 3) is there a third-party script
> somewhere out there in userland?  I'm not the most savvy mysql DBA, so it
> would be non-trivial for me to try to set up the db myself.
> 
> Any guidance would be appreciated.
> 
> Thanks.



