Snort mailing list archives

Re: Snort-users digest, Vol 1 #1760 - 15 msgs


From: "Denis Romanov" <romanovd () co kern ca us>
Date: Fri, 05 Apr 2002 07:59:45 -0800

Hi Ed!

If you think this is an incorrect way of dealing with the snort_archive, please let me know.

In case no one answered your question yet. If you have done this before, just disregard it. I would go over your snort_archive database again. Verify if the password is ok.

Check your acid_conf.php file, there is a section which takes care of the archive feature in ACID.

/* Archive DB connection parameters */
$archive_dbname   = "snort_archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "root";
$archive_password = "password";     ///change the password to yours

Login to your mysql and recheck if your snort_archive tables are present. If not, you will have to create them the same way you did your snort tables.

#mysql -p < /usr/local/src/snort-1.8.4/contrib/create_mysql  snort_archive

then grant DELETE,INSERT,SELECT privileges to snort_archive, like you did to snort.

#mysql -p
grant INSERT,SELECT,DELETE on snort_archive.* to root@localhost;
FLUSH PRIVILEGES;
quit

Back to ACID, and try archiving again. It should work.

Regards,
Denis
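
[Added example, not part of the original message and not ACID code: a small Python check of the archive section of acid_conf.php that reports empty connection parameters, a leftover placeholder password, and the use of root where a dedicated account holding only the INSERT,SELECT,DELETE grants above would do. The sample text, the placeholder list, and the function names are assumptions made for this example.]

```python
import re

# Constructed sample: the archive section as quoted in the message above.
SAMPLE_CONF = '''
/* Archive DB connection parameters */
$archive_dbname   = "snort_archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "root";
$archive_password = "password";     ///change the password to yours
'''

# Matches: $archive_name = "value";  (single or double quotes)
ASSIGN = re.compile(r'''^\s*\$(archive_\w+)\s*=\s*(["'])(.*?)\2\s*;''', re.M)
REQUIRED = ("archive_dbname", "archive_host", "archive_user", "archive_password")
PLACEHOLDERS = {"password", "mypassword", "changeme"}  # assumed list, extend as needed


def parse_archive_params(text):
    """Return {name: value} for every active $archive_* assignment."""
    # Drop /* ... */ blocks so commented-out settings are not counted.
    # Lines starting with // or # never match ASSIGN, so they are skipped too.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return {name: value for name, _quote, value in ASSIGN.findall(text)}


def audit(params):
    """Return a list of human-readable findings for the archive settings."""
    findings = []
    for key in REQUIRED:
        if not params.get(key):
            findings.append(f"{key} is missing or empty")
    # archive_port may legitimately be empty (default port), so it is not checked.
    if params.get("archive_user") == "root":
        findings.append("archive_user is root; a dedicated account with only "
                        "INSERT,SELECT,DELETE on the archive DB is sufficient")
    if params.get("archive_password", "").lower() in PLACEHOLDERS:
        findings.append("archive_password looks like an unchanged placeholder")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_archive_params(SAMPLE_CONF)):
        print("WARN:", finding)
```
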



Message: 3
From: "Ed Spick" <es () soas ac uk>
To: snort-users () lists sourceforge net
Date: Thu, 4 Apr 2002 17:00:18 +0100
Subject: [Snort-users] acid-archive-snortprob


Hi
I have a problem with archiving of snort alerts logged to mysql running 
through acid, hope someone can help ?  

my config  :
Acid 0.9.6b20
snort  1.8.3-5
php 4.1.2
mysql 3.23.49a
adodb 172 (also tried 180)
apache 1.3.22
redhat 7

Whenever I choose an alert and ask to move it to the archive database I get this fatal error :

Fatal error: Call to a member function on a non-object in 
/var/www/html/acid/acid_db.inc on line 93

Not sure whether this is a php or an adodb or a mysql problem ?
The archive database is there with the correct permissions and as far as I
have read everything is configured as required by the documentation.
I've searched archives for last year - no-one else seems to have seen this ?
Any help gratefully received as I have over 400,000 alerts to archive

Cheers ed spick 

