Re: acid/base recovery

[Joel Esler <eslerj () gmail com>]

You would have to create the snort database found in the
"create_mysql" directory.  This isn't the "ACID" database..per say.. 
it's the Database that Snort is commonly coded to log to..



On 6/6/05, Dominik Gehl <dgehl () inverse ca> wrote:
> Hi,
>
> you can find the MySQL db script to create the ACID database in the
> snort distribution at snort-2.3.3/schemas/create_mysql
>
> Dominik
>
> On Mon, 2005-06-06 at 12:12 -0400, John Hally wrote:
> > Hello All,
> >
> >
> >
> > I had the unfortunate happen and lost a raid array that housed all of
> > my alert data for BASE.  I'm in the midst of recovering and it looks
> > like that the sql files in the BASE tar file are not the only one(s)
> > needed to rebuild the database.  Is acid's original sql table setup
> > required as well?  Base is erroring with:
> >
> >
> >
> > Database ERROR: Table 'snort.iphdr' doesn't exist
> >
> >
> >
> > It does not exist after I've run:
> >
> >
> >
> > Mysql -u (user) -p -D snort < create_base_tbls_mysql.sql
> >
> >
> >
> > The tables have been created and this is what I have in
> > my /usr/lib/mysql/snort directory:
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > acid_ag_alert.frm
> >
> > acid_ag.frm  acid
> >
> > event.frm
> >
> > acid_ip_cache.frm
> >
> > base_roles.frm
> >
> > base_users.frm
> >
> > acid_ag_alert.MYD
> >
> > acid_ag.MYD  acid_event.MYD
> >
> > acid_ip_cache.MYD
> >
> > base_roles.MYD
> >
> > base_users.MYD
> >
> > acid_ag_alert.MYI
> >
> > acid_ag.MYI
> >
> > acid_event.MYI
> >
> > acid_ip_cache.MYI
> >
> > base_roles.MYI
> >
> > base_users.MYI
> >
> >
> >
> > Thanks in advance!
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
> a projector? How fast can you ride your desk chair down the office luge track?
> If you want to score the big prize, get to know the little guy.
> Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Joel Esler
BASE Project Lead
http://sourceforge.net/projects/secureideas


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users