Snort mailing list archives
Re: accessing archived data
From: John Ruff <jruff () nc rr com>
Date: 07 Oct 2001 10:29:06 -0400
I am currently using the dual directory to access my archived database. However, I've run into a little problem with regards to this setup. Because the alerts are being logged into the 'active DB', only the ACID tables in the 'active DB' are being updated. Then, when you archive events to your 'archive DB', the entries in the 'active DB's' ACID tables are not archived (moved or copied) as well. Therefore, when you go to display the stats for your 'archive DB' via ACID, the counts are not updated. You have to manually delete the ACID tables, then hit the 'acid_archive/index.html' page to have the tables recreated and the 'archive DB' parsed again. Then the counts are correct.

Does anyone have a solution that will allow the related ACID table events to be archived to the 'archive DB' when doing a move or copy from the 'active DB'?

Best Regards,
John
Creating another instance of ACID in another directory is the only way possible right now to view the archive and live database simultaneously.

cheers,
Roman

Please forgive what is obviously a newbie question... I've got snort and ACID running happily and today I started playing with the archive functions under MySQL. I've created the archive database, added its particulars to the acid_conf.php, and apparently successfully moved events from the live db to the archive. Now what is the simplest method of going back to review the archive? I've played with the idea of creating a second acid directory on the web server with a different acid_conf.php, but I was wondering if there is a simpler method that I am missing.
Current thread:
- accessing archived data East, Bill (Oct 04)
- <Possible follow-ups>
- Re: accessing archived data roman (Oct 04)
- Re: accessing archived data John Ruff (Oct 07)