Hosting Provided By

[Snort-users] MySQL & ACID Issues

From: - - <zerobreak(at)dfxdesigns.com>
Date: Tue Mar 11 2003 - 11:14:22 EST

My current setup consists of snort logging to mysql, then using acid to view the logs. Within the web server I have two copies of acid, one configured for the live snort database, the other is for the archive. Making it easier to move back and forth between both databases.

The problem that just showed up about a week ago is that if I go to move events from the live database to the archive through acid. Acid says they have successfully been moved, but when viewing the archived database, they are not added. The database stays the same size with the same amount of alerts before I tried moving any from the live database. They do in fact disappear from the live database too. So if I go to move any alerts, they disappear from the live, and never show up in the archive... losing the events. Also if I check the individual mysql files on the file system, it show's they have been modified.

Checking the logs of snort, apache, & mysql show's nothing out of the ordinary. The live database continues to work fine with new events written to it constantly. In the archive database, I can also delete events. But not copy or move. I tried deleting the snort_archive database and starting over from 0 events before trying to restore the backup, this also did not work. I have a feeling that it's something to do with acid, but I'm not sure. I tried a freshly untared copy of acid and adodb, but this also did not work. My versions are listed below, and any help is greatly appreciated. For now all I can do is leave all the alerts in the live database. But it's getting quite cumbersome.

Slackware 8.1

Snort 1.9.0
MySQL 3.23.55
Adodb 3.10

Acid 0.9.6b23

Thanks again,
ZB

This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Tue Mar 11 12:20:26 2003

This message: [ Message body ]
Next message: Chris Garringer: "[Snort-users] Addressing in rules"
Previous message: Slighter, Tim: "RE: [Snort-users] Packet drop functionality with snort"
Next in thread: Erick Mechler: "Re: [Snort-users] MySQL & ACID Issues"
Reply: Erick Mechler: "Re: [Snort-users] MySQL & ACID Issues"
Reply: Lawrence Reed: "Re: [Snort-users] MySQL & ACID Issues"
Reply: Rossi, Rob: "RE: [Snort-users] MySQL & ACID Issues"
Reply: Erick Mechler: "Re: [Snort-users] MySQL & ACID Issues"
Reply: Lawrence Reed: "Re: [Snort-users] MySQL & ACID Issues"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:48 EDT