Snort mailing list archives

RE: ACID and MySQL questions


From: "Jason Lewis" <jlewis () packetnexus com>
Date: Mon, 6 Aug 2001 21:41:17 -0400

What exactly is the goal of the archive feature?

I actually have several "instances" of ACID.  I have one that is read-only
for general security team use.  I have one with delete rights, so I can keep
the DB manageable.  The last one is configured to view the archive where I
move interesting data.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of
roman () danyliw com
Sent: Monday, August 06, 2001 5:15 PM
To: jlewis () packetnexus com
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] ACID and MySQL questions


Hi Jason,

I am using the archive DB function in ACID.  I don't see a link in ACID that
will let you view the archive.  I just copied the ACID files into a second
directory and pointed the acid_conf to the archive db.  My question is....Is
that the only way to do it?  Or is there something I missed?  BTW, I am
happy with the latest ACID build b13.

The archive database is no different than the "active"
alert database.  Hence, there is no special
mechanism by which to view it.


Next question.... I can't find any info on what exactly a snort sensor that
is not running MySQL needs in the way of MySQL libraries to be able to log
to a central MySQL DB server.  Can I get away with installing the MySQL
client?  So far I have been doing full blown installs of MySQL on each
sensor.  Anyone doing something different?

I have not confirmed this, but I suspect that
in order to perform remote DB logging only the
Mysql-devel library would be necessary.

cheers,
Roman


---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

