## README 
## Copyright (C) 2001 Cornett Wood 
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2, or (at your option)
## any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
## GNU General Public License for more details.
##
## To receive a copy of the GNU General Public License, write to the
## Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

This is Acid Create Destroy, or acd.  It is what I use to create and
destroy snort sql databases.  I have not learned how to actually maintain
sql yet.  Bad sign.  Oh well.  

NOTE: The procedures herein do not discuss how to install mysql or load snort
      with mysql.

NOTE: <db> represents a database name like "acidtest".
      <pw> represents a password required by the sql server in conjunction
      with a database name.
      [<something>] represents something which will be processed on the
      command line or else prompted for.

Here are the relevant files.

getacid.sh <db>

    This does a hell of a lot based on the existence of the site.conf and
    <db>.cfg files.  It brings down the most recent cvs of Roman's acid
    and installs it where indicated by the variables defined in site.conf
    and <db>.cfg.

    site.conf must exist and contains what is assumed to be common to
    a number of different potential snort databases.

    <db>.cfg defines a unique sql snort database after source'ing
    site.conf.

    You should use site-conf.template and db-cfg.template as a start
    for your site.conf and <db>.cfg.  I usually define <db> to be the name
    of the snort database, but it can be anything.  That's because the
    string <db> is not used in any of the scripts unless it happens to
    coincide with a variable defined in the <db>.cfg file.

NOTE: The next two scripts really walk all over your sql database.  They have
      only been tested with mysql.  So, beware.

create.sh <db> [<pw>]

    This file will take the definitions in <db>.cfg and site.conf to
    create the sql database and user.

destroy.sh <db> [<pw>]

    This file will take the definitions in <db>.cfg and site.conf to
    destroy the sql database and user.
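
The config layering and the [<pw>] convention described above, as an added
example that is not one of the acd scripts.  The function names and the
SQL_USER variable are hypothetical, and having the caller source site.conf
before <db>.cfg is an assumption about the order.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from the acd scripts.
# SQL_USER and similar variable names are assumptions.

# load_cfg <db> [<dir>]: source site.conf, then <db>.cfg, so the
# per-database file overrides the site-wide defaults.  Both files run as
# shell code, so refuse any that group or other can write to.
load_cfg() {
    _db=$1; _dir=${2:-.}
    for _f in "$_dir/site.conf" "$_dir/$_db.cfg"; do
        [ -r "$_f" ] || { echo "acd: cannot read $_f" >&2; return 1; }
        if [ -n "$(find "$_f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "acd: $_f is group/world writable, refusing to source" >&2
            return 1
        fi
    done
    . "$_dir/site.conf" && . "$_dir/$_db.cfg"
}

# get_pw [<pw>]: print the command-line value if given, else prompt with
# terminal echo off.  A <pw> argument is visible in ps output and shell
# history, so the prompt is the safer path on a shared host.
get_pw() {
    if [ -n "${1:-}" ]; then printf '%s' "$1"; return 0; fi
    printf 'sql password: ' >&2
    stty -echo; IFS= read -r _pw; stty echo
    printf '\n' >&2
    printf '%s' "$_pw"
}

# write_client_cnf <user> <pw>: write a 0600 option file and print its
# path, so the password never appears on the mysql command line.
# Limitation: a password containing '"' or '\' would need escaping.
write_client_cnf() {
    _cnf=$(mktemp "${TMPDIR:-/tmp}/acd.XXXXXX") || return 1
    printf '[client]\nuser=%s\npassword="%s"\n' "$1" "$2" > "$_cnf"
    printf '%s\n' "$_cnf"
}

# Typical use inside a create/destroy style script:
#   load_cfg "$1" || exit 1
#   cnf=$(write_client_cnf "$SQL_USER" "$(get_pw "$2")")
#   mysql --defaults-extra-file="$cnf" -e 'SHOW DATABASES'
#   rm -f "$cnf"
```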

NOTE: The following are templates which should be used as a guide to set
      up the relevant configuration file.

site-conf.template 

    Use this file to construct the "site.conf" file.  Note, site.conf
    is the name of the site configuration file; "site.conf" spelled 's',
    'i', 't', 'e' dot conf.  It is not a snort configuration file.

db-cfg.template

    Use this file to construct your <db>.cfg file, where <db> can be any
    reasonable name.  In particular, it could be the basename of your
    WEB_BASE variable, but it is not required to be.

Makefile

    This doesn't do too much.  I use it to make a tar of the relevant
    files and keep a version number.  If you type just 'make' it will
    dump this README file.  Or, you can type 'make tar' and create
    acd-0.<version>.tgz.

aa.conf

    Contains just the relevant entries you should put in your "snort.conf"
    file to use the sql database you created with the above scripts.  I use
    small 2 character sensor identifiers ('aa' for example) to differentiate
    between the various sensors I might have logging to the same database.

