Snort mailing list archives

BASE and Snorby running together


From: "Castle, Shane" <scastle () bouldercounty org>
Date: Wed, 22 Feb 2012 17:03:03 +0000

I'd like to try running BASE and Snorby (using Security Onion platform) together against the same database. I'm thinking that I only have to add the database tables peculiar to BASE:
acid_ag
acid_ag_alert
acid_event
acid_ip_cache
base_roles
base_users

I realize this is probably simplistic and there could be issues, such as deleting alerts in BASE will probably not delete all the alert data in all the tables. If anyone has done this dual setup successfully and has warnings or errors to avoid I'd like to know.

I might have to modify the BASE code to run successfully this way. Please, no evangelizing of Snorby over BASE; I just like a lot of the features available in BASE that are not there in Snorby (or if they are I can't seem to find them). OTOH there are a lot of BASE issues that drive me nuts and make me wish for an active support group.

And yes, I know this is probably a lost cause. I'd like to try anyway.

-- 
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

