Snort mailing list archives

Re: Snort Archive Database Creation Script

From: Alejandro Flores <alejandro.flores () triforsec com br>
Date: Sat, 31 Jul 2004 08:56:35 -0300

        Hello Charles,

        A mysql database is a directory where each table is a file. In a ugly
way, you can stop your mysql, go to your databases directory
(/var/lib/mysql in redhat/fedora), rename your database (mv snort
snort-archive), start mysql and recreate the original database. Remember
to grant privileges to your 'new' database.
                (I do not recommend you do this!)

        There's a tool called 'mysqlhotcopy' that I guess will fit your needs.
It comes with MySQL, so you can check the documentation with: perldoc
mysqlhotcopy or pointing your browser to:
        http://dev.mysql.com/doc/mysql/en/mysqlhotcopy.html

Regards,
Alejandro Flores

Hi all.  Don't know if this question has been asked before.  I wasn't
able to find too much on google or the list archive.

I would like to be able to archive events picked up by my snort IDSs. 
Now, I know that ACID has this functionality.  But I also know that
you have to have the database backend.  Does anyone know if 1) the DB
setup script that comes with the snort package will work for the
"snort-archive" db? or 2) if there's a snort-archive db setup script
that I missed in the package? or 3) is there a 3-rd party script some
where out there in userland?  I'm not the most savvy mysql DBA, so it
would be non-trivial for me to try to set up the db myself.

Any guidance would be appreciated.

Thanks.



-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort Archive Database Creation Script Charles Heselton (Jul 30)
- Re: Snort Archive Database Creation Script Paul Schmehl (Jul 30)
- Message not available
  - Re: Snort Archive Database Creation Script Charles Heselton (Jul 31)
- Re: Snort Archive Database Creation Script Alejandro Flores (Jul 31)
  - Re: Snort Archive Database Creation Script Charles Heselton (Aug 01)
- <Possible follow-ups>
- Re: Snort Archive Database Creation Script Charles Heselton (Jul 30)