Snort mailing list archives
ACID Archive Solution / ACID DB Scripts / ACID AG Email Fix
From: "Timothy Wright" <twright () nd edu>
Date: Thu, 13 Feb 2003 16:17:40 -0500
All:

About a week ago, I offered up a solution (a PHP script) that one could use to automate the process of archiving IDS events in an ACID/Snort database. Using ACID to manually archive IDS data is simply too cumbersome, so I hacked out a solution by following along with one of the PHP scripts that comes with ACID.

Shortly after I crafted the archiving script, I realized that I also needed a script to purge old event data. The way I have things set up, I'm using a "24 hour" current day's database and a rolling-week archive. Each morning (shortly after midnight) the archive script moves the previous day's data into the archive database. At the same time, the purge script deletes data from the archive that are a week old. Ultimately, my intention is to change over to a rolling 30 day (maybe more) archive. By backing up the entire Snort/ACID database system periodically, it's pretty easy to maintain long term archives and recover from any disasters.

Over the past couple of months, while working with ACID and Snort, I've also come up with a few handy database scripts - stuff that quickly re-creates all of the Snort and ACID tables (with ACID's indexing), etc.

Finally, I've come up with a solution to the problem ACID has in emailing Alert Group data (the solution is _very_ simple... read through the version of acid_ag_main.php that I've posted and you'll see...).

I've placed all of these items out on a web site for any interested party to grab: www.nd.edu/~twright

However, be aware of this:

* I'm using MySQL
* I'm using Red Hat 8

Hence, the scripts I've provided will be most useful in this context.

-Tim

--
Timothy Wright, CISSP
Information Security
Office of Information Technology
University of Notre Dame
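The daily archive and weekly purge described in the post, written out as an added SQL example (this is not the PHP script from the post or anything from the ACID project). It assumes the stock Snort schema's event, iphdr and data tables keyed by (sid, cid) with the alert time in event.timestamp, a live database named snort and an archive database named snort_archive; the other header tables (tcphdr, udphdr, icmphdr, opt) are handled with the same pattern.

```sql
-- Added example, not the scripts from the post. Assumed schema: Snort's
-- event(sid, cid, signature, timestamp), iphdr(sid, cid, ...) and
-- data(sid, cid, data_payload) tables; database names snort and
-- snort_archive are assumptions. The lookup tables (signature, sensor)
-- are expected to already exist in snort_archive and are not moved.

-- Fix the cutoff once so every statement below agrees on "yesterday",
-- even if the job straddles midnight.
SET @cutoff := CURDATE();

-- 1. Archive: copy alerts older than today into the archive database,
--    parent row (event) first so the archive never holds orphan children.
INSERT INTO snort_archive.event (sid, cid, signature, timestamp)
SELECT e.sid, e.cid, e.signature, e.timestamp
  FROM snort.event e
 WHERE e.timestamp < @cutoff;

INSERT INTO snort_archive.iphdr
SELECT h.*
  FROM snort.iphdr h
  JOIN snort.event e ON e.sid = h.sid AND e.cid = h.cid
 WHERE e.timestamp < @cutoff;

INSERT INTO snort_archive.data
SELECT d.*
  FROM snort.data d
  JOIN snort.event e ON e.sid = d.sid AND e.cid = d.cid
 WHERE e.timestamp < @cutoff;

-- 2. Remove the copied rows from the live database, children first,
--    so an interrupted run leaves no header or payload rows behind.
DELETE d FROM snort.data d
  JOIN snort.event e ON e.sid = d.sid AND e.cid = d.cid
 WHERE e.timestamp < @cutoff;
DELETE h FROM snort.iphdr h
  JOIN snort.event e ON e.sid = h.sid AND e.cid = h.cid
 WHERE e.timestamp < @cutoff;
DELETE FROM snort.event WHERE timestamp < @cutoff;

-- 3. Purge: drop archived alerts more than seven days old (rolling week).
SET @expire := @cutoff - INTERVAL 7 DAY;
DELETE d FROM snort_archive.data d
  JOIN snort_archive.event e ON e.sid = d.sid AND e.cid = d.cid
 WHERE e.timestamp < @expire;
DELETE h FROM snort_archive.iphdr h
  JOIN snort_archive.event e ON e.sid = h.sid AND e.cid = h.cid
 WHERE e.timestamp < @expire;
DELETE FROM snort_archive.event WHERE timestamp < @expire;
```

Changing the 7 in the INTERVAL gives the rolling 30 day archive mentioned in the post; run the file from cron shortly after midnight and take a full dump of both databases before the purge step if long term recovery matters.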