Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort DB: move / copy alerts from one DB to another?

From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Mon, 29 Jul 2002 18:35:48 -0400
My suggestion would be to create another database say snort2, copy the data
that you interested into that database, then move the files to your other db
server then copy the data back into the snort database. You can also use
mysql dump instead of copying the data. If you don;t have a handy dba to
help with the sql drop me a line and I will try and help

Ian


----- Original Message -----
From: "Moyer, Shawn" <SMoyer () rgare com>
To: <snort-users () lists sourceforge net>
Sent: Monday, July 29, 2002 4:21 PM
Subject: [Snort-users] Snort DB: move / copy alerts from one DB to another?




### This isn't addressed anywhere I can find, and since I'm not much of a
DBA, I thought I'd ask to the list before I try to figure it out on my

own.


I've recently moved one of my sensors from a local MySQL DB to a remote

one

via stunnel. When I did this, I went ahead and just tar'd up the Snort DB
and scp'd it to the other box, which worked like a charm.

One snag, tho: the box was rebooted unexpectedly and the old MySQL

instance

came up locally on the sensor, with the local MySQL listening on
127.0.0.1:3306, which was the same socket I was using with stunnel, and
since the MySQL init was before the stunnel one, for a few days the sensor
was logging to the local DB instead of to the remote one.

At this point I've got around 1000+ alerts I need to move over from the
local to the remote DB, from approximately 07/23/2002 to 07/29/2002. Can
anyone give me a hand with some SQL to pull this off?




--shawn





-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: