[Snort-users] acid/base recovery

John Hally JHally at ...5637...
Mon Jun 6 09:43:28 EDT 2005


Doh!

I should have known that one.  

Thanks Joel/Dominik!

-----Original Message-----
From: Joel Esler [mailto:eslerj at ...11827...] 
Sent: Monday, June 06, 2005 12:25 PM
To: Dominik Gehl
Cc: John Hally; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] acid/base recovery

You would have to create the snort database found in the
"create_mysql" directory.  This isn't the "ACID" database..per say.. 
it's the Database that Snort is commonly coded to log to..



On 6/6/05, Dominik Gehl <dgehl at ...13341...> wrote:
> Hi,
> 
> you can find the MySQL db script to create the ACID database in the
> snort distribution at snort-2.3.3/schemas/create_mysql
> 
> Dominik
> 
> On Mon, 2005-06-06 at 12:12 -0400, John Hally wrote:
> > Hello All,
> >
> >
> >
> > I had the unfortunate happen and lost a raid array that housed all of
> > my alert data for BASE.  I'm in the midst of recovering and it looks
> > like that the sql files in the BASE tar file are not the only one(s)
> > needed to rebuild the database.  Is acid's original sql table setup
> > required as well?  Base is erroring with:
> >
> >
> >
> > Database ERROR: Table 'snort.iphdr' doesn't exist
> >
> >
> >
> > It does not exist after I've run:
> >
> >
> >
> > Mysql -u (user) -p -D snort < create_base_tbls_mysql.sql
> >
> >
> >
> > The tables have been created and this is what I have in
> > my /usr/lib/mysql/snort directory:
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > acid_ag_alert.frm
> >
> > acid_ag.frm  acid
> >
> > event.frm
> >
> > acid_ip_cache.frm
> >
> > base_roles.frm
> >
> > base_users.frm
> >
> > acid_ag_alert.MYD
> >
> > acid_ag.MYD  acid_event.MYD
> >
> > acid_ip_cache.MYD
> >
> > base_roles.MYD
> >
> > base_users.MYD
> >
> > acid_ag_alert.MYI
> >
> > acid_ag.MYI
> >
> > acid_event.MYI
> >
> > acid_ip_cache.MYI
> >
> > base_roles.MYI
> >
> > base_users.MYI
> >
> >
> >
> > Thanks in advance!
> >
> >
> >
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you
shotput
> a projector? How fast can you ride your desk chair down the office luge
track?
> If you want to score the big prize, get to know the little guy.
> Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 


-- 
Joel Esler
BASE Project Lead
http://sourceforge.net/projects/secureideas




More information about the Snort-users mailing list