On Jul 22, 2006, at 12:27 AM, Gerhard Mourani wrote:

Kevin,

I can see that in the ACTION pull-down menu we have an option to archive
alerts into snort_archive db [Archive alert(s) (move)] and understand that
for this feature to work I need to create the snort_archive db in mysql (I
use mysql for the db), then activate the feature in the base_conf file
and finally create the db. The last one is missing; I cannot find in the
source code or anywhere else the db structure to use for snort_archive. I
presume it is the same as the one created for snort db during first web
setup time but the structure is inside a php file under the setup
directory. My question is -> do you have a .sql file to use for creating
this db structure inside snort_archive db or other ways to do it?

Gerhard,

Hi-

Yes it is the same structure.  In the sql directory is a create sql script.

All you have to do is load that into the archive database.

Kevin
---------------------
GCIA, GCIH, CEH
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!