Snort mailing list archives

Previous By Date Next
Previous By Thread Next

HOW TO archive alerts using ACID on a different DB???

From: "Bruno Sicchieri" <bsicchieri () hotmail com>
Date: Fri, 06 Dec 2002 08:58:05 -0200

Hi,
I'm trying to archive alerts on a different db (not my current db for ACID) with no sucess! 

My system is:
RedHat 7.3
Snort 1.8.7
MySQL 3.23.52-1
ACID 0.9.6b21

ACID is current archiving alerts on db "snort" using
the user "snort"

I want to archive all alerts from November on db
"snort_nov", so I created the db "snort_nov" and
created the same schema as "snort" using the
create_mysql script.
Then connected on "snort_nov" db and made this:

mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on
snort_nov.* to snort;
mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on
snort_nov.* to snort@localhost;
mysql> flush privileges;
mysql> exit;

Then I updated the $archive_dbname, $archive_host,
$archive_user, $archive_password, $archive_port
variables in the ACID configuration file acid_conf.php
to reference the archive database "snort_nov".

So I runned the query which contains the alerts to be
archived (all alerts from November). At the bottom of
the query results in the 'Action' box no matter if a
choose "Archive -- copy" or "Archive -- move" or the
other 'Action' buttons (Selected, ALL on Screen or
Entire Query) I've got this:

-----------------------------
Added 0 alert(s) to the Alert cache

Ignored 50 duplicate alert(s)

No alerts were selected or the ARCHIVE-move was not
successful
------------------------------

PS.: I tested all combinations with no sucess.
The text-box following the combo-box was left blank.

Anyone could help me please???

Thanks, Bruno.



_________________________________________________________________
MSN Messenger: converse com os seus amigos online. http://messenger.msn.com.br 



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: