Archiving data

  • Darkstar33


    I have installed WinIDS on a 2003 server and have a MySQL backend.

    I have 2 dbs: the alert db and the archive db.

    However there is no data in the archive db.

    How does one archive data?

    So far I have seen scripting solutions, but apparently BASE has an archiving function... however, I can't seem to find it.

    BASE version 1.4.1 (Lara).

    Thanks for your help.

    • Zebulebu

      At the bottom of the Alert view screen you'll see a box marked 'ACTION'. Click the first drop-down list and the last entry is 'Archive alert(s) (move)'. Select the alerts you want archived then select this option and 'Entire Query' - this will archive them off to the Archive DB.

      If you're doing this in Windows, don't expect to be able to do more than about 1500 alerts at once - I've never got it to archive more than that amount in one go. It is MUY tedious... but if you install it on a Linux box it's ten times quicker. I've got it running on Ubuntu and can happily archive about 30000 alerts in less than a minute.