Snort mailing list archives

ACID Archive Solution / ACID DB Scripts / ACID AG Email Fix


From: "Timothy Wright" <twright () nd edu>
Date: Thu, 13 Feb 2003 16:17:40 -0500

All:

About a week ago, I offered up a solution (a PHP script) that one could use
to automate the process of archiving IDS events in an ACID/Snort database.
Using ACID to manually archive IDS data is simply too cumbersome, so I
hacked out a solution by following along with one of the PHP scripts that
comes with ACID.

Shortly after I crafted the archiving script, I realized that I also needed
a script to purge old event data.  The way I have things set up, I'm using a
"24 hour" current day's database, and a rolling-week archive.  Each morning
(shortly after midnight) the archive script moves the previous day's data
into the archive database.  At the same time, the purge script deletes data
from the archive that are a week old.  Ultimately, my intentions are to
change over to a rolling 30 day (maybe more) archive.  By backing up the
entire Snort/ACID database system periodically, it's pretty easy to maintain
long term archives and recover from any disasters.

Over the past couple of months, while working with ACID and Snort I've also
come up with a few handy database scripts - stuff that quickly re-creates
all of the Snort and ACID tables (with ACID's indexing), etc.

Finally, I've come up with a solution to the problem ACID has in emailing
Alert Group data (the solution is _very_ simple...read through the version
of acid_ag_main.php that I've posted and you'll see...)

I've placed all of these items out on a web site for any interested party to
grab:  www.nd.edu/~twright  However, be aware of this:

*  I'm using MySQL
*  I'm using Red Hat 8

Hence, the scripts I've provided will be most useful in this context.

-Tim

--

Timothy Wright, CISSP
Information Security
Office of Information Technology
University of Notre Dame
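
The nightly archive-then-purge rotation described in the message above, as an added example that is not the author's PHP scripts or ACID's own code. It assumes a reduced `event` table keyed on Snort's (sid, cid) pair and a 7-day retention, and uses in-memory SQLite in place of MySQL so it runs offline. A real job would also have to move the other per-event tables that share that key.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Assumption: a cut-down event table; only the (sid, cid) key and timestamp matter here.
SCHEMA = ("CREATE TABLE event (sid INT, cid INT, signature INT, "
          "timestamp TEXT, PRIMARY KEY (sid, cid))")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def rotate(current, archive, now, keep_days=7):
    """Move events from before today's midnight into the archive, then purge
    archive rows older than keep_days. Returns (archived, purged)."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    cutoff = midnight - timedelta(days=keep_days)
    rows = current.execute(
        "SELECT sid, cid, signature, timestamp FROM event WHERE timestamp < ?",
        (midnight.strftime(FMT),)).fetchall()
    # Copy and commit first; delete from the live database only afterwards,
    # so a failure in between leaves duplicates rather than lost events.
    with archive:
        archive.executemany("INSERT OR IGNORE INTO event VALUES (?, ?, ?, ?)", rows)
    with current:
        current.executemany("DELETE FROM event WHERE sid = ? AND cid = ?",
                            [(r[0], r[1]) for r in rows])
    with archive:
        purged = archive.execute("DELETE FROM event WHERE timestamp < ?",
                                 (cutoff.strftime(FMT),)).rowcount
    return len(rows), purged

def count(db):
    return db.execute("SELECT COUNT(*) FROM event").fetchone()[0]

def demo():
    """Constructed sample data: a run shortly after midnight on 2003-02-13."""
    current, archive = make_db(), make_db()
    current.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 1, 10, "2003-02-12 08:15:00"),   # yesterday: archived
        (1, 2, 11, "2003-02-12 23:59:59"),   # yesterday: archived
        (1, 3, 10, "2003-02-13 00:01:30")])  # today: stays in the live database
    archive.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 90, 10, "2003-02-05 12:00:00"),  # past retention: purged
        (1, 91, 10, "2003-02-06 00:00:00")]) # exactly at the cutoff: kept
    result = rotate(current, archive, datetime(2003, 2, 13, 0, 5))
    return result, count(current), count(archive)

if __name__ == "__main__":
    print(demo())
```
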


