[Snort-users] migration from file to databse

teknet2 at ...7692... teknet2 at ...7692...
Mon Nov 22 08:10:08 EST 2004

I use snort with acid.
Snort logs event to alert_full file and postgresql (used by acid)

My problem is that log machine is not very powerfull... and i would like to do further security analize on other machine. 
I would like to move my alert_full file to other machine, and there recreate postgresql database usuing that file, so i could log on my main system only to alert_full file, and on other system use that file to build database which will be used by acid.

Is it possible ? 
I was thinking about using psqldump to move database from my log machine to other machine, but it would have to be whole database which is too much (specially it had to be done every day).
What do You propose ?


More information about the Snort-users mailing list