Intrusion Detection Systems mailing list archives

Re: RealSecure and Alternate Database -reply

From: Mark.Teicher () predictive com (Mark.Teicher () predictive com)
Date: Thu, 30 Mar 2000 10:08:27 -0500


There are several unsupported methods of exporting the data from the
rsntclientlog.mdb to various database formats via Microsoft Access. If you
refer to the Database Scheme in the ISS RealSecure Console 3.1 Guide pages
49 - 70, it describes in detail the fields defined by ISS RealSecure.

One can automate the export from Microsoft Access to Microsoft SQL server
with some basic SQL calls that Microsoft Access accepts.  Using Microsoft
SQL allows for some fancy custom report customization plus allows for a
better way of handling tons of data without bogging itself down. Microsoft
Access gets very sluggish after it grows to about 400 Mb..  Resizing or
purging the database via ISS RealSecure can be somewhat harmful to
potentially informative data collected about a particular organization
traffic from NNNN date range from NNNN date range.  In other words, using
those option within ISS RealSecure can potentially destroy data.  Refer to
pages 39 - 41 in the Console Guide for more details regarding the previous
statement.

In order to push data from the Access database to Oracle, one must map the
fields from Access to Oracle.  It is a very tedious process and not
recommended for the faint of heart .. :)  But again as ISS stated they do
not support but it works, plus once you get the rotation scripts working
correctly, Microsoft Access actually behaves quite well.  One caveat if
you executing the rotation scripts around midnight, you will lose some
data collected from the detectors, when you initiate the move of the
rsntclientlog.mdb file from the console to another machine.  ISS
RealSecure will recreate the rsntclientlog.mdb file if it is not there.
After the move of the rsntclientlog.mdb file, another script compresses
it, renames and then executes the data extraction from Microsoft Access to
Oracle ..

Execute the event correlation matches, shape the data and grab a copy of
Crystal Reports for ease of creating those fancy reports.. :)

/hope this helps

mht

"Kevin Johnston" <johnston () syrres com>
Sent by: owner-ids () uow edu au
03/29/00 01:49 PM
Please respond to johnston

        To:     ids () uow edu au
        cc:
        Subject:        IDS: RealSecure and Alternate Database

I know you can use a Microsoft SQL Server database in place of the MS
Access database for RealSecure.  Anyone ever try and was successful in
using ORACLE?  ISS says they do not support it.  Thanks.

- Kevin

begin:vcard
n:Johnston;Kevin
tel;fax:315-452-8310
tel;work:315-452-8318
x-mozilla-html:FALSE
org:Syracuse Research Corporation;Information Technology Center
adr:;;6225 Running Ridge Road;North Syracuse;NY;13212;USA
version:2.1
email;internet:johnston () syrres com
title:Research Engineer
fn:Kevin Johnston
end:vcard

(See attached file: johnston.vcf)

<HR NOSHADE>
<UL>
<LI>application/octet-stream attachment: johnston.vcf
</UL>

Current thread:

Re: RealSecure and Alternate Database -reply Mark.Teicher () predictive com (Mar 30)
- <Possible follow-ups>
- Re: RealSecure and Alternate Database -reply Mark.Teicher () predictive com (Mar 31)