[Snort-users] Archive alert from ACID/BASE

Paul Schmehl pauls at ...6838...
Mon Mar 21 09:34:45 EST 2005


--On Monday, March 21, 2005 09:18:01 AM -0800 Wayne Ho 
<wenghon828 at ...131...> wrote:

> Snort guru:
>
> Can anyone walk me through how to "duplicate" the BASE
> table/database schema to another database within the
> MySQL, so that I can archive alerts to this
> "secondary" database for longer retention? Which
> tool/utility you use to archive alert?
> I saw BASE can archive alerts (move) under action item
> list. However, where I need to configure so those
> alerts will be archived to proper location?
>
Log in to mysql:
mysql -u root -p

At the prompt, type "CREATE DATABASE {yournamehere};"
for example "CREATE DATABASE archive;"

Log out of mysql.

At the commandline type mysql -u root -p archive </path/to/the/create_mysql script
for example: mysql -u root -p archive </home/fred/create_mysql

Edit the base_conf.php file to indicate the name of the archive db.
/* Archive DB connection parameters */
$archive_dbname   = "archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "archive";
$archive_password = "archive";

(Obviously you should use a username and password different from this 
example.)

Once you've done that, you can archive events using BASE.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
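The steps above as one SQL session, added here as an example (it is not part of the original post): create the archive database, give BASE a dedicated account limited to that database instead of root, and check that the schema loaded from create_mysql carries the same tables as the live database. It assumes the live Snort database is named "snort", MySQL 5.0 or later (for information_schema), and a placeholder password.

```sql
-- Added example, not from the original post.
-- Assumptions: live Snort database is named "snort"; MySQL 5.0+.

-- 1. Create the archive database (run as the MySQL root user).
CREATE DATABASE archive;

-- 2. A separate account for the BASE archive connection. Limit it to the
--    archive database only; it never needs rights on the live "snort" db
--    through this account, and BASE's main connection should not be root.
--    'CHANGE_ME' is a placeholder, set a real password here and in
--    $archive_password in base_conf.php.
CREATE USER 'archive'@'localhost' IDENTIFIED BY 'CHANGE_ME';
GRANT SELECT, INSERT, UPDATE, DELETE ON archive.* TO 'archive'@'localhost';
FLUSH PRIVILEGES;

-- 3. Load the schema from the shell, outside the mysql prompt:
--      mysql -u root -p archive < /path/to/create_mysql

-- 4. Verify the copy: every table in the live database should also exist
--    in the archive. Any row returned here names a table BASE would fail
--    to move alerts into.
SELECT s.table_name AS missing_from_archive
  FROM information_schema.tables AS s
  LEFT JOIN information_schema.tables AS a
         ON a.table_schema = 'archive'
        AND a.table_name   = s.table_name
 WHERE s.table_schema = 'snort'
   AND a.table_name IS NULL
 ORDER BY s.table_name;

-- 5. Confirm the archive account sees only what it should.
SHOW GRANTS FOR 'archive'@'localhost';
```

An empty result from step 4 means the schemas match; after the first archive run in BASE, SELECT COUNT(*) FROM archive.event should be non-zero.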
