Snort mailing list archives
RE: ACID and MySQL questions
From: "Jason Lewis" <jlewis () packetnexus com>
Date: Mon, 6 Aug 2001 21:41:17 -0400
What exactly is the goal of the archive feature? I actually have several "instances" of ACID. I have one that is read-only for general security team use. I have one with delete rights, so I can keep the DB manageable. The last one is configured to view the archive where I move interesting data. Jason Lewis http://www.packetnexus.com It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of roman () danyliw com Sent: Monday, August 06, 2001 5:15 PM To: jlewis () packetnexus com Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] ACID and MySQL questions Hi Jason,
I am using the archive DB function in ACID. I don't see a link in ACID
that
will let you view the archive. I just copied the ACID files into a second directory and pointed the acid_conf to the archive db. My question
is....Is
that the only way to do it? Or is there something I missed? BTW, I am happy with the latest ACID build b13.
The archive database is no different than the "active" alert databaase. Hence, there is no special mechanism by which to view it.
Next question.... I can't find any info on what exactly a snort sensor
that
is not running MySQL needs in the way of MySQL libraries to be able to log to a central MySQL DB server. Can I get away with installing the MySQL client? So far I have been doing full blown installs of MySQL on each sensor. Anyone doing something different?
I have not confirmed this, but I suspect that in order to perform remote DB logging only the Mysql-devel library would be necessary. cheers, Roman --------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: ACID and MySQL questions roman (Aug 06)
- RE: ACID and MySQL questions Jason Lewis (Aug 06)
- <Possible follow-ups>
- RE: ACID and MySQL questions roman (Aug 06)
- Re: ACID and MySQL questions Rob Whelan (Aug 06)