Those tables come from the sql in the sql directory.  What script did you use?

The setup pages use the same sql commands as are in those files.

Kevin

On Jul 22, 2006, at 9:31 AM, Gerhard Mourani wrote:

Kevin,

I've already done it, but some tables are still missing because they
come from the php setup scripts. Here are the dbs.

mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          |
| acid_ag_alert    |
| acid_event       |
| acid_ip_cache    |
| base_roles       |
| base_users       |
| data             |
| detail           |
| encoding         |
| event            |
| icmphdr          |
| iphdr            |
| opt              |
| reference        |
| reference_system |
| schema           |
| sensor           |
| sig_class        |
| sig_reference    |
| signature        |
| tcphdr           |
| udphdr           |
+------------------+
23 rows in set (0.01 sec)

mysql> use snort_archive;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+-------------------------+
| Tables_in_snort_archive |
+-------------------------+
| base_roles              |
| base_users              |
| data                    |
| detail                  |
| encoding                |
| event                   |
| icmphdr                 |
| iphdr                   |
| opt                     |
| reference               |
| reference_system        |
| schema                  |
| sensor                  |
| sig_class               |
| sig_reference           |
| signature               |
| tcphdr                  |
| udphdr                  |
+-------------------------+
19 rows in set (0.00 sec)

As you can see, the following tables are missing from the snort_archive
db: acid_ag, acid_ag_alert, acid_event and acid_ip_cache.

Gerhard,


On Jul 22, 2006, at 12:27 AM, Gerhard Mourani wrote:

Kevin,

I can see that in the ACTION pull-down menu we have an option to
archive alerts into the snort_archive db [Archive alert(s) (move)], and
I understand that for this feature to work I need to create the
snort_archive db in mysql (I use mysql for the db), then activate the
feature in the base_conf file and finally create the db. The last one
is missing: I cannot find in the source code or anywhere else the db
structure to use for snort_archive. I presume it is the same as the one
created for the snort db during first web setup time, but the structure
is inside a php file under the setup directory. My question is: do you
have a .sql file to use for creating this db structure inside the
snort_archive db, or other ways to do it?

Gerhard,

Hi-

Yes it is the same structure.  In the sql directory is a create sql script.

All you have to do is load that into the archive database.

Kevin
---------------------
GCIA, GCIH, CEH
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!




Secureideas-base-devel mailing list
Secureideas-base-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/secureideas-base-devel



-- 
Gerhard Mourani
