Snort mailing list archives

RE: ACID 1.0 RC1 - Archive Problem


From: "Chris" <chris () kive net>
Date: Fri, 16 May 2003 16:17:27 -0400

Naturally I solved my own problem after finally asking for help. For
anyone else that has this issue, I just needed to recreate the same
database structure in the "snort_archive" db as I already had in the
"snort" db.

This includes both the MySQL and Acid db structures.

As soon as I did that, it started working cleanly. As I started reading
over my e-mail again, I realized that I *thwack* had never tried that.

The commands for those searching the mailing list, assuming mysql, are
below. Change your username, database name, install directories, etc. to
fit your own situation.

# Start

cd ~/snort-2.0.0
mysql -D snort_archive -u snortuser -p < ./contrib/create_mysql
cd ~/acid
mysql -D snort_archive -u snortuser -p < create_acid_tbls_mysql.sql

# End

-Chris

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Chris
Kuivenhoven
Sent: Friday, May 16, 2003 2:55 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID 1.0 RC1 - Archive Problem

Hello,

I have Snort, Acid, and SnortCenter all running without a problem, with
one exception. I've read through the FAQs, manuals, and searched
through several mailing list archives, but I'm just not finding anything
that documents anything about the archive feature. I have tried hacking
around with it, but I'm not getting anywhere. I really appreciate any
help that you may give me.

I have Snort logging into a MySQL database "snort", which Acid is using
for its main database. The archive database is "snort_archive". The
same user is configured with the same password for both databases, and
the "snort" database works without any problem that I can tell. The
"snort_archive" database contains no tables or records. My snort user
also has the same grants on each database.

When I am in Acid, and I select alerts to archive (move), I receive the
following error:

Fatal error: Call to a member function on a non-object in
/var/www/html/acid/acid_db.inc on line 93

Relevant lines from /var/www/html/acid/acid_db.inc:

84:     $sql = "SELECT vseq FROM schema";
85:     if ($this->DB_type == "mssql") $sql = "SELECT vseq FROM [schema]";
86:     $result = $this->DB->Execute($sql);
87:     if ( $this->acidErrorMessage != "" )
88:        $this->version = 0;
89:     else
90:     {
91:       $myrow = $result->fields;
92:        $this->version = $myrow[0];
93:        $result->Close();

The only file I have modified in the acid distribution is acid_conf.php,
relevant options (sanitized) below:

$DBlib_path = "/var/www/html/adodb";
$DBtype = "mysql";
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "snortuser";
$alert_password = "snortuserpassword";
$archive_dbname   = "snort_archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "snortuser";
$archive_password = "snortuserpassword";
$db_connect_method = 1;
$use_referential_integrity = 0;
$ChartLib_path = "/var/www/html/phplot-4.4.6";
$debug_mode = 0;
$debug_time_mode = 1;
$html_no_cache = 1;
$sql_trace_mode = 0;
$sql_trace_file = "";
$portscan_file = "/var/log/snort";

Everything was installed from scratch, no upgrades. All relevant
libraries are installed, no compilation or configuration errors were
noted.

Specs:

RedHat Linux 7.3
snort 2.0.0
snortcenter 1.0 RC1
snortcenter-agent 1.0 RC1
acid 0.9.6 beta 23
adodb 3.40
mysql 3.23.56

TIA,

-Chris
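
A pre-flight check for the condition this thread describes (an archive database missing the tables the alert database has), as an added example that is not part of the original messages or of the ACID distribution. The script name check_archive.sh and the function names are hypothetical; the database and user names are the ones used in the post.

```shell
#!/bin/sh
# Added example: list tables that exist in the alert database but not in
# the archive database. Database and user names are the ones in the post.

# list_tables DB USER: print one table name per line (mysql prompts for
# the password because of -p).
list_tables() {
    mysql -N -B -D "$1" -u "$2" -p -e 'SHOW TABLES'
}

# missing_tables ALERT_LIST ARCHIVE_LIST: each argument is a
# newline-separated list of table names. Prints, sorted, every name that
# is in the first list but not in the second.
missing_tables() {
    a=$(mktemp) || return 2
    b=$(mktemp) || { rm -f "$a"; return 2; }
    printf '%s\n' "$1" | sed '/^$/d' | LC_ALL=C sort -u > "$a"
    printf '%s\n' "$2" | sed '/^$/d' | LC_ALL=C sort -u > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# check_archive ALERT_DB ARCHIVE_DB USER: returns 0 when the archive has
# every table, 1 when tables are missing, 2 when a query failed.
check_archive() {
    alert=$(list_tables "$1" "$3") || return 2
    archive=$(list_tables "$2" "$3") || return 2
    missing=$(missing_tables "$alert" "$archive") || return 2
    if [ -n "$missing" ]; then
        echo "Tables missing from $2:" >&2
        echo "$missing"
        return 1
    fi
    echo "$2 has every table found in $1"
}

# Runs only when given three arguments, for example:
#   sh check_archive.sh snort snort_archive snortuser
if [ "$#" -eq 3 ]; then
    check_archive "$1" "$2" "$3"
fi
```

The password is prompted for once per database. An empty archive database, as in the original report, lists every table of the alert database as missing.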

