Re: Backup questions

[Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>]

Subba Rao wrote:
> The few installations of snort I did in production environment had only the log file ("alerts") which Snort was writing too.  This file was 
> massaged and created neat/meaningful web pages and alerts were sent out to the admins.  At the end of the day I did backup the "alerts" 
> file to the backup (Tivoli) server and then copied /dev/null over "alerts" for the next day.
>
> Now I plan to use the Snort + Acid combination.  In this setup, 
> Acid seems to use MySql (or other preffered SQL server).  
> At the end of the day, I would like to backup these 
> alerts/warnings for a few months.  In this case, what do I backup?
> There is no "alerts" file.  If it is the database, then what are
> the database files that I need to backup? Once backup is done, 

(AFAIK) You can't make a backup of a DC that way. You need to dump the
database to a file first. For MySQL see the tool "mysqldump" for this.
It should come with your MySQL installation.

> how do I clean up the DB for the next day alerts/warnings?

Once a day seems to me very short time period to clean up. I have
about 70000 alerts in one DB and do not see any reason (for now)
to clean up. Since ASCII files are beeing very good compressed,
the DB-dumps are still not that big.

Regards,

Edin_

--
Edin Dizdarevic



-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users