RE: [Snort-users] acid/base recovery

From: John Hally (JHallyepnet.com)
Date: Mon Jun 06 2005 - 11:42:35 CDT


Doh!

I should have known that one.

Thanks Joel/Dominik!

-----Original Message-----
From: Joel Esler [mailto:eslerjgmail.com]
Sent: Monday, June 06, 2005 12:25 PM
To: Dominik Gehl
Cc: John Hally; snort-userslists.sourceforge.net
Subject: Re: [Snort-users] acid/base recovery

You would have to create the snort database found in the
"create_mysql" directory. This isn't the "ACID" database, per se;
it's the database that Snort is commonly coded to log to.

On 6/6/05, Dominik Gehl <dgehlinverse.ca> wrote:
> Hi,
>
> you can find the MySQL db script to create the ACID database in the
> snort distribution at snort-2.3.3/schemas/create_mysql
>
> Dominik
>
> On Mon, 2005-06-06 at 12:12 -0400, John Hally wrote:
> > Hello All,
> >
> > I had the unfortunate happen and lost a raid array that housed all of
> > my alert data for BASE. I'm in the midst of recovering and it looks
> > like the sql files in the BASE tar file are not the only one(s)
> > needed to rebuild the database. Is acid's original sql table setup
> > required as well? Base is erroring with:
> >
> > Database ERROR: Table 'snort.iphdr' doesn't exist
> >
> > It does not exist after I've run:
> >
> > mysql -u (user) -p -D snort < create_base_tbls_mysql.sql
> >
> > The tables have been created and this is what I have in
> > my /usr/lib/mysql/snort directory:
> >
> > acid_ag_alert.frm  acid_ag.frm  acid_event.frm  acid_ip_cache.frm  base_roles.frm  base_users.frm
> > acid_ag_alert.MYD  acid_ag.MYD  acid_event.MYD  acid_ip_cache.MYD  base_roles.MYD  base_users.MYD
> > acid_ag_alert.MYI  acid_ag.MYI  acid_event.MYI  acid_ip_cache.MYI  base_roles.MYI  base_users.MYI
> >
> > Thanks in advance!
> >
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput
> a projector? How fast can you ride your desk chair down the office luge track?
> If you want to score the big prize, get to know the little guy.
> Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

--
Joel Esler
BASE Project Lead
http://sourceforge.net/projects/secureideas
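
An added example, not part of the original thread or of the Snort or BASE distributions: a shell check that reads a MySQL data directory like the one listed above and reports which schema script still has to be loaded. The Snort core table list is an assumption based on the Snort 2.x `schemas/create_mysql` script, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find tables absent from a MyISAM data directory by looking
# for <table>.frm files, as in the directory listing quoted in the thread.

# Tables created by BASE's create_base_tbls_mysql.sql (names from the thread).
BASE_TABLES="acid_ag acid_ag_alert acid_event acid_ip_cache base_roles base_users"

# Tables created by Snort's schemas/create_mysql. Assumption: this is the
# Snort 2.x table set; compare with the CREATE TABLE lines in your own copy.
SNORT_TABLES="schema event signature sig_reference reference reference_system sig_class sensor iphdr tcphdr udphdr icmphdr opt data encoding detail"

# missing_tables DIR LIST -> prints each table in LIST that has no DIR/<table>.frm
missing_tables() {
    dir=$1
    for t in $2; do
        [ -f "$dir/$t.frm" ] || printf '%s\n' "$t"
    done
}

# diagnose DIR -> prints which schema script still needs to be loaded
diagnose() {
    dir=$1
    snort_missing=$(missing_tables "$dir" "$SNORT_TABLES")
    base_missing=$(missing_tables "$dir" "$BASE_TABLES")
    if [ -n "$snort_missing" ]; then
        echo "load schemas/create_mysql; missing:" $snort_missing
    fi
    if [ -n "$base_missing" ]; then
        echo "load create_base_tbls_mysql.sql; missing:" $base_missing
    fi
    if [ -z "$snort_missing$base_missing" ]; then
        echo "all expected tables present"
    fi
    return 0
}

# Constructed sample: recreate the directory listing from the thread.
make_sample() {
    d=$(mktemp -d)
    for t in $BASE_TABLES; do touch "$d/$t.frm" "$d/$t.MYD" "$d/$t.MYI"; done
    echo "$d"
}

sample=$(make_sample)
diagnose "$sample"
rm -rf "$sample"
```

On a real sensor, point `diagnose` at the database's data directory, or feed it names derived from `SHOW TABLES` instead of `.frm` files.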
