Snort mailing list archives

Re: manual access to ACID databases


From: Susan Kay Coulter <skc () lanl gov>
Date: Wed, 10 Oct 2001 15:20:08 -0600




Oh yeah -- as for the ip thing. Definitely doable. Use the archive.pl I sent
and change the driver table to iphdr (instead of event).

On another note ... the number of columns defined in archive.pl may not be
correct for everyone. I made manual changes to move from schema version 102 to
103 (which is where I'm at now) -- and I did not drop the columns that are no
longer used in 103 because I did not want to lose the old data. Might want to
verify the column count.


Does anyone have a script to extract all entries for a particular IP
address from a MySQL database?  I would like to stop logging to the
snort.log file too, as this probably adds some load and gets erased every
time I stop and start snort after a config change.  I hate logging the same
thing to 3 places, 2 is bad enough.

Steve Rudolph CCSA, CCSE
J. Walter Thompson
World Wide IT

-- 
Susan Coulter
Network Security Team
CCN-5 Network Engineering
Los Alamos National Laboratory
voice: (505) 667-8425
fax:   (505) 665-7793



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
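
The lookup discussed in this thread, driving from iphdr and joining to event, as an added example that is not archive.pl and not code from either poster. Assumptions: the table and column names (sid, cid, ip_src, ip_dst, ip_proto, signature, timestamp) follow the Snort database schema with addresses stored as 32-bit integers, the signature is kept as text for brevity, and an in-memory SQLite database with constructed rows stands in for MySQL.

```python
import ipaddress
import sqlite3

# Assumed subset of the Snort database tables; only the columns this lookup needs.
SCHEMA = """
CREATE TABLE event (sid INTEGER, cid INTEGER, signature TEXT, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                    ip_proto INTEGER, PRIMARY KEY (sid, cid));
"""

# iphdr is the driver table; event supplies the alert name and time.
QUERY = """
SELECT e.timestamp, i.ip_src, i.ip_dst, i.ip_proto, e.signature
FROM iphdr AS i
JOIN event AS e ON e.sid = i.sid AND e.cid = i.cid
WHERE i.ip_src = ? OR i.ip_dst = ?
ORDER BY e.timestamp
"""

def events_for_ip(conn, ip):
    """Return every logged event where `ip` is the source or the destination."""
    # Parsing rejects malformed input and yields the integer form stored in iphdr.
    n = int(ipaddress.IPv4Address(ip))
    rows = conn.execute(QUERY, (n, n)).fetchall()
    dotted = lambda v: str(ipaddress.IPv4Address(v))
    return [(ts, dotted(src), dotted(dst), proto, sig)
            for ts, src, dst, proto, sig in rows]

def build_sample_db():
    """Constructed sample rows, not taken from any real sensor."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    a = lambda s: int(ipaddress.IPv4Address(s))
    conn.executemany("INSERT INTO event VALUES (?,?,?,?)", [
        (1, 1, "sample alert A", "2001-10-10 14:01:00"),
        (1, 2, "sample alert B", "2001-10-10 14:02:30"),
        (1, 3, "sample alert C", "2001-10-10 14:05:12"),
    ])
    conn.executemany("INSERT INTO iphdr VALUES (?,?,?,?,?)", [
        (1, 1, a("192.0.2.10"), a("198.51.100.5"), 1),
        (1, 2, a("203.0.113.7"), a("198.51.100.5"), 6),
        (1, 3, a("198.51.100.9"), a("192.0.2.10"), 6),
    ])
    return conn

if __name__ == "__main__":
    for row in events_for_ip(build_sample_db(), "192.0.2.10"):
        print(row)
```

Against a real MySQL instance the same join applies with that driver's placeholder syntax; as the message above notes, column sets differ between schema versions, so check them before relying on positional results.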

