On Jul 22, 2006, at 12:27 AM, Gerhard Mourani wrote:
> I can see that in the ACTION pull-down menu we have an option to archive
> alerts into snort_archive db [Archive alert(s) (move)] and understand that
> for this feature to work I need to create the snort_archive db in mysql (I
> use mysql for the db), then activate the feature in the base_conf file
> and finally create the db. The last one is missing; I cannot find in the
> source code or anywhere else the db structure to use for snort_archive. I
> presume it is the same as the one created for snort db during first web
> setup time but the structure is inside a php file under the setup
> directory. My question is -> do you have a .sql file to use for creating
> this db structure inside snort_archive db or other ways to do it?

Yes, it is the same structure. In the sql directory is a create sql script.
All you have to do is load that into the archive database.

GCIA, GCIH, CEH
BASE Project Lead
The next step in IDS analysis!