Adding a snort_archive Database to an Existing Snort/BASE Installation
1. Create snort_archive database and assign permissions to snort user
2. Set up tables using schema from snort
3. Export existing snort database
4. Import snort database into snort_archive
5. Modify base_conf.php to enable archive database
6. At BASE home page, select link "Use archive database"
7. Select Total alerts link (the number of total alerts)
8. Select Delete alerts for entire query
1. Create snort_archive database and assign permissions to snort user
$ mysql -u root -p
mysql> create database snort_archive;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort_archive.* to snort@localhost;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort_archive.* to snort;
mysql> exit
2. Set up tables using schema from snort
$ cd $SNORT_SOURCE_DIRECTORY/schemas
$ mysql -u root -p snort_archive < create_mysql
3. Export existing snort database
$ mysqldump -p snort > snort-backup.sql
4. Import snort database into snort_archive
$ mysql -p snort_archive < snort-backup.sql
5. Modify base_conf.php to enable archive database
$archive_exists = 1; # Set this to 1 if you have an archive DB
$archive_dbname = 'snort_archive';
$archive_host = 'localhost';
$archive_port = '';
$archive_user = 'snort';
$archive_password = '$PASSWORD';
6. At BASE home page, select link "Use archive database"
7. Select Total alerts link (the number of total alerts)
8. Select Delete alerts for entire query
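Steps 1 through 4 above as a single script, added here as an example and not part of the original post. It assumes mysql and mysqldump are in PATH, that root's MySQL password is read from ~/.my.cnf rather than typed on the command line, and that SNORT_SOURCE_DIRECTORY is the Snort source tree as in the post; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post: steps 1-4 as one script plus a
# row-count check. Assumes root's password is in ~/.my.cnf (never on the
# command line) and SNORT_SOURCE_DIRECTORY is the Snort source tree.
set -eu
SRC_DB=${SRC_DB:-snort}
ARCHIVE_DB=${ARCHIVE_DB:-snort_archive}
DB_USER=${DB_USER:-snort}
SCHEMA=${SNORT_SOURCE_DIRECTORY:-/usr/src/snort}/schemas/create_mysql
DUMP=${DUMP:-snort-backup.sql}
# DRY_RUN=1 prints each command instead of executing it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Step 1: archive DB plus the minimum grants BASE needs, from localhost only
# (the post's second GRANT, to snort from any host, is only needed if BASE
# runs on another machine).
create_archive_db() {
  run mysql -u root -e "CREATE DATABASE IF NOT EXISTS ${ARCHIVE_DB}; \
GRANT CREATE,INSERT,SELECT,DELETE,UPDATE ON ${ARCHIVE_DB}.* TO '${DB_USER}'@'localhost';"
}
# Step 2: Snort's own schema into the empty archive DB.
load_schema() { run mysql -u root "$ARCHIVE_DB" -e "source ${SCHEMA}"; }
# Step 3: dump without long table locks (snapshot is consistent only for InnoDB).
dump_source() {
  run mysqldump -u root --single-transaction --result-file="$DUMP" "$SRC_DB"
}
# Step 4: import, but never from an empty or missing dump.
import_dump() {
  if [ "${DRY_RUN:-0}" != 1 ] && [ ! -s "$DUMP" ]; then
    echo "dump $DUMP is empty or missing; not importing" >&2; return 1
  fi
  run mysql -u root "$ARCHIVE_DB" -e "source ${DUMP}"
}
# The copy must hold as many events as the source before base_conf.php points at it.
count_events() { mysql -u root -N -e "SELECT COUNT(*) FROM event" "$1"; }
verify_copy() {
  [ "${DRY_RUN:-0}" = 1 ] && return 0
  src=$(count_events "$SRC_DB"); dst=$(count_events "$ARCHIVE_DB")
  [ "$src" = "$dst" ] || { echo "event count mismatch: $src != $dst" >&2; return 1; }
}
migrate_to_archive() {
  create_archive_db && load_schema && dump_source && import_dump && verify_copy
}
# Run only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then migrate_to_archive; fi
```

Run it with DRY_RUN=1 first to review the exact commands, then with --run; steps 5 through 8 in BASE are still done by hand once verify_copy passes.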
1 Comment:
Awesome. Aside from removing the CLI prompts, this works as cut and paste. Thanks!