Snort mailing list archives

Previous By Date Next
Previous By Thread Next

MySQL & ACID Issues

From: "- -" <zerobreak () dfxdesigns com>
Date: Tue, 11 Mar 2003 11:14:22 -0500
My current setup consists of snort logging to mysql, then using acid to view the logs. Within the web server I have two 
copies of acid, one configured for the live snort database, the other is for the archive. Making it easier to move back 
and forth between both databases.

The problem that just showed up about a week ago is that if I go to move events from the live database to the archive 
through acid. Acid says they have successfully been moved, but when viewing the archived database, they are not added. 
The database stays the same size with the same amount of alerts before I tried moving any from the live database. They 
do in fact disappear from the live database too. So if I go to move any alerts, they disappear from the live, and never 
show up in the archive... losing the events. Also if I check the individual mysql files on the file system, it show's 
they have been modified.

Checking the logs of snort, apache, & mysql show's nothing out of the ordinary. The live database continues to work 
fine with new events written to it constantly. In the archive database, I can also delete events. But not copy or move. 
I tried deleting the snort_archive database and starting over from 0 events before trying to restore the backup, this 
also did not work. I have a feeling that it's something to do with acid, but I'm not sure. I tried a freshly untared 
copy of acid and adodb, but this also did not work. My versions are listed below, and any help is greatly appreciated. 
For now all I can do is leave all the alerts in the live database. But it's getting quite cumbersome.


Slackware 8.1
Snort 1.9.0
MySQL 3.23.55
Adodb 3.10
Acid 0.9.6b23

Thanks again,
ZB



-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: