Snort mailing list archives

RE: a user experience w/ Snort, ACID & (Postgre|My) SQL


From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Thu, 04 Oct 2001 09:43:33 -0700

I created three custom (very dumb) shell scripts that are run by cron.  One
moves the tables (literally performs a mv on the directory that holds the
snort db) and then creates a new empty database with the mysql_create script
(v1.04).  A second script fires off my custom php page to get the statistics
for that week (tcp, udp, icmp, portscan and total alerts <- similar to the
graph from the top of ACID).  The third and final script takes the archive
and tars it up to a different directory for long term storage.

All three scripts are totally dumb (no error handling or correction involved).

#!/bin/bash
# Snort Move script.  Moves the database from live to archive status, then creates the new tables.
PATH=/bin:/usr/bin

/bin/echo "Starting move of SQL to Archive `/bin/date +%c`" >> /home/hellgate/bin/stats.log
/etc/rc.d/init.d/mysql stop
cd /var/lib/mysql/snort
/bin/mv -f * /var/lib/mysql/snort_archive
/etc/rc.d/init.d/mysql start
sleep 60
/bin/echo "Creating Snort tables `/bin/date +%c`" >> /home/hellgate/bin/stats.log
/usr/bin/mysql -u root -p<password> snort < /home/hellgate/bin/create_mysql
/bin/echo "Finished Snort tables `/bin/date +%c`" >> /home/hellgate/bin/stats.log
/bin/echo "Finished move of SQL to Archive `/bin/date +%c`" >> /home/hellgate/bin/stats.log

#!/bin/bash
# Calls my custom php which borrows code from ACID to create a chart for that week's data
PATH=/usr/bin:/bin

echo "Started Snortstats `/bin/date +%c`" >> /home/hellgate/bin/stats.log
cd /home/httpd/html/php/
/usr/bin/wget -T 0 -O index.html <url of web server and page>
/bin/mv -f index.html index`/bin/date +%m-%d-%y`.html
echo "<A HREF=\"index`/bin/date +%m-%d-%y`.html\">Stats for week of `/bin/date +%m-%d-%Y`</A><BR>" >> snortstats.html
chmod 644 /home/httpd/html/php/*
echo "Finished Snortstats `/bin/date +%c`" >> /home/hellgate/bin/stats.log

#!/bin/bash
# Snort Archive tars up the archive data so that it can be put into "cold storage" unless needed.
PATH=/bin:/usr/bin

/bin/echo "Starting archive of SQL in Snort Archive `/bin/date +%c`" >> /home/hellgate/bin/stats.log
cd /var/lib/mysql/snort_archive
/bin/tar -cf /var/lib/mysql/archives/snort_archive-`date +%V-%Y`.tar /var/lib/mysql/snort_archive/*
/bin/echo "Finished archive of SQL in Snort Archive `/bin/date +%c`" >> /home/hellgate/bin/stats.log

-----Original Message-----
From: Jason Lewis [mailto:jlewis () packetnexus com]
Sent: Wednesday, October 03, 2001 09:59
To: 'Kevin Brown'; 'Snort Users'
Subject: RE: [Snort-users] a user experience w/ Snort, ACID & (Postgre|My) SQL


How are you doing the rotation?

<snip>
We have since switched back to Mysql and I have the database rotated out
once a week to prevent it from growing too large.  Switching back also fixed
the timestamp issues, so I can only assume that the problem is with the db
output plugin and postgres.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.
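The weekly rotation described in the post, written as an added example (not Kevin Brown's scripts) with the checks the originals admit they lack: it refuses to move table files while mysqld is still running, archives into a per-week directory instead of landing on top of the single snort_archive directory, waits until the server answers instead of sleeping 60 seconds, and reads the root password from a root-only options file rather than passing -p<password> on the command line. The paths are the ones from the post; flock, pgrep, mysqladmin ping and a --defaults-extra-file credentials file are assumed substitutions.

```shell
#!/bin/bash
# Added example, not Kevin Brown's scripts: the weekly rotation with checks.
# Paths are the ones from the post; flock, pgrep, mysqladmin ping and the
# --defaults-extra-file credentials file are assumed substitutions.
set -eu

DATADIR=/var/lib/mysql
LOG=/home/hellgate/bin/stats.log
SCHEMA=/home/hellgate/bin/create_mysql
LOCK=/var/lock/snort-rotate.lock

log() { echo "$(date +%c) $*" >> "$LOG"; }

# Per-week archive directory, snort_archive-<ISO week>-<year>, so a second
# rotation never lands on top of an earlier week's table files.
archive_dir() {    # $1 = base dir, $2 = week-year stamp (default: this week)
    echo "$1/snort_archive-${2:-$(date +%V-%Y)}"
}

# Move every file of the live database directory into a fresh archive dir.
# Refuses if there is nothing to move or the destination already exists,
# and confirms the live directory is empty afterwards.
rotate_dir() {     # $1 = live db dir, $2 = archive dir
    [ -d "$1" ] && [ -n "$(ls -A "$1")" ] \
        || { echo "nothing to rotate in $1" >&2; return 1; }
    [ ! -e "$2" ] || { echo "$2 exists, refusing to clobber it" >&2; return 1; }
    mkdir -p "$2"
    mv -f "$1"/* "$2"/
    [ -z "$(ls -A "$1")" ]
}

main() {
    # One rotation at a time (util-linux flock on a lock file).
    exec 9>"$LOCK"; flock -n 9 || { log "rotation already running"; exit 1; }
    dest=$(archive_dir "$DATADIR")
    log "Starting move of SQL to $dest"
    /etc/rc.d/init.d/mysql stop
    # Never touch the table files while mysqld may still be flushing them.
    while pgrep -x mysqld >/dev/null; do sleep 1; done
    rotate_dir "$DATADIR/snort" "$dest"
    /etc/rc.d/init.d/mysql start
    # Wait until the server answers instead of a fixed sleep 60.
    for _ in $(seq 1 60); do mysqladmin ping >/dev/null 2>&1 && break; sleep 1; done
    # Root password from a mode-0600 options file, not -p<password> in argv.
    mysql --defaults-extra-file=/root/.snort-rotate.cnf snort < "$SCHEMA"
    log "Finished move of SQL to $dest"
}

if [ "${1-}" = "--run" ]; then main; fi
```

Run it from cron as `snort-rotate --run`; the two helper functions can be exercised on a scratch directory without touching MySQL.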
