Snort mailing list archives

Re: Archive alert from ACID/BASE


From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 21 Mar 2005 11:34:11 -0600

--On Monday, March 21, 2005 09:18:01 AM -0800 Wayne Ho <wenghon828 () yahoo com> wrote:

> Snort guru:
>
> Can anyone walk me through how to "duplicate" the BASE
> table/database schema to another database within
> MySQL, so that I can archive alerts to this
> "secondary" database for longer retention? Which
> tool/utility do you use to archive alerts?
> I saw BASE can archive alerts (move) under the action item
> list. However, where do I need to configure this so those
> alerts will be archived to the proper location?

Log in to mysql:
mysql -u root -p

At the prompt, type "CREATE DATABASE {yournamehere};"
for example "CREATE DATABASE archive;"

Log out of mysql.

At the command line, type mysql -u root -p archive </path/to/the/create_mysql script
for example: mysql -u root -p archive </home/fred/create_mysql

Edit the base_conf.php file to indicate the name of the archive db.
/* Archive DB connection parameters */
$archive_dbname   = "archive";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "archive";
$archive_password = "archive";

(Obviously you should use a username and password different from this example.)

Once you've done that, you can archive events using BASE.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
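
The steps in the message above as one script, added here as an example and not part of the original message: it creates the archive database with a dedicated account rather than reusing root or the example credentials. The account name base_archive, the privilege list, and the CREATE USER syntax (as in current MySQL/MariaDB) are assumptions to adjust for your installation.

```shell
#!/bin/sh
# Added example. Assumed names: the base_archive account, the privilege list,
# and CREATE USER syntax as in current MySQL/MariaDB.
# Usage (file name is hypothetical):
#   sh make_archive_db.sh --apply archive base_archive /path/to/the/create_mysql

# Accept only plain identifiers so the name can be embedded in SQL safely.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Passwords are limited to base64 characters: no quotes, backslashes or '$'
# that could break out of the SQL string or the PHP string in base_conf.php.
valid_pass() {
    case "$1" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
}

# Print SQL for: archive_sql <database> <account> <password>
archive_sql() {
    valid_ident "$1" && valid_ident "$2" && valid_pass "$3" ||
        { echo "archive_sql: rejected unsafe argument" >&2; return 1; }
    printf 'CREATE DATABASE IF NOT EXISTS `%s`;\n' "$1"
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$2" "$3"
    printf "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON \`%s\`.* TO '%s'@'localhost';\n" "$1" "$2"
}

# main <database> <account> </path/to/create_mysql>
main() {
    [ -r "$3" ] || { echo "cannot read schema file: $3" >&2; return 1; }
    pass=$(head -c 18 /dev/urandom | base64)
    sql=$(archive_sql "$1" "$2" "$pass") || return 1
    # -p prompts for the root password, keeping it out of the process list.
    printf '%s\n' "$sql" | mysql -u root -p || return 1
    mysql -u root -p "$1" < "$3" || return 1
    # Values to paste into the archive section of base_conf.php.
    printf '$archive_dbname   = "%s";\n$archive_user     = "%s";\n$archive_password = "%s";\n' \
        "$1" "$2" "$pass"
}

# Nothing touches the database unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
    shift
    main "$@"
fi
```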

