I have installed WinIDS on a 2003 server and have a MySQL backend.
I have 2 dbs: the alert db and the archive db.
However there is no data in the archive db.
How does one archive data?
So far I have seen scripting solutions but apparently BASE has an archiving function... however I can't seem to find it.
Base version 1.4.1 (Lara).
Thanks for your help.
At the bottom of the Alert view screen you'll see a box marked 'ACTION'. Click the first drop-down list and the last entry is 'Archive alert(s) (move)'. Select the alerts you want archived then select this option and 'Entire Query' - this will archive them off to the Archive DB.
If you're doing this in Windows don't expect to be able to do more than about 1500 alerts at once - I've never got it to archive more than that amount in one go. It is MUY tedious... but if you install it on a Linux box it's ten times quicker. I've got it running on Ubuntu and can happily archive about 30000 alerts in less than a minute.