Re: [Snort-users] acid/base recovery
This is a discussion on Re: [Snort-users] acid/base recovery within the Snort forums, part of the System Security and Security Related category; You would have to create the snort database found in the "create_mysql" directory. This isn't the "...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-06-2005
|
|||
|
|||
Re: [Snort-users] acid/base recovery
You would have to create the snort database found in the
"create_mysql" directory. This isn't the "ACID" database..per say..=20 it's the Database that Snort is commonly coded to log to.. On 6/6/05, Dominik Gehl <dgehl@inverse.ca> wrote: > Hi, >=20 > you can find the MySQL db script to create the ACID database in the > snort distribution at snort-2.3.3/schemas/create_mysql >=20 > Dominik >=20 > On Mon, 2005-06-06 at 12:12 -0400, John Hally wrote: > > Hello All, > > > > > > > > I had the unfortunate happen and lost a raid array that housed all of > > my alert data for BASE. I'm in the midst of recovering and it looks > > like that the sql files in the BASE tar file are not the only one(s) > > needed to rebuild the database. Is acid's original sql table setup > > required as well? Base is erroring with: > > > > > > > > Database ERROR: Table 'snort.iphdr' doesn't exist > > > > > > > > It does not exist after I've run: > > > > > > > > Mysql -u (user) -p -D snort < create_base_tbls_mysql.sql > > > > > > > > The tables have been created and this is what I have in > > my /usr/lib/mysql/snort directory: > > > > > > > > > > > > > > > > > > > > > > > > acid_ag_alert.frm > > > > acid_ag.frm acid > > > > event.frm > > > > acid_ip_cache.frm > > > > base_roles.frm > > > > base_users.frm > > > > acid_ag_alert.MYD > > > > acid_ag.MYD acid_event.MYD > > > > acid_ip_cache.MYD > > > > base_roles.MYD > > > > base_users.MYD > > > > acid_ag_alert.MYI > > > > acid_ag.MYI > > > > acid_event.MYI > > > > acid_ip_cache.MYI > > > > base_roles.MYI > > > > base_users.MYI > > > > > > > > Thanks in advance! > > > > > > >=20 >=20 >=20 >=20 > ------------------------------------------------------- > This SF.Net email is sponsored by: NEC IT Guy Games. How far can you sho= tput > a projector? How fast can you ride your desk chair down the office luge t= rack? > If you want to score the big prize, get to know the little guy. > Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=3D20 > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...=3Dsnort-users >=20 --=20 Joel Esler BASE Project Lead http://sourceforge.net/projects/secureideas ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
