Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Third Party Tools » ACID and BASE not working....any other tools to archive and query snort data?

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

ACID and BASE not working....any other tools to archive and query snort data?


Posted by hyades on August 03, 2005 08:39:24

I have installed a snort 2.3.3 server on mysql 4.1.11 on Fedora Core 4. I have also installed snortreport, barnyard, oinkmaster and all dependent applications. Everything seems to work except ACID and BASE cannot create the AG tables on the mysql database. When I click on the CREATE ACID AG button, nothing happens. I have verified acid_conf.php file hundreds to times. I have also verified the grants for the mysql account I am using and even manually created a table with that account. Does anybody know any other tools I could install for archiving, sorting and querying mysql data for use as a snort reporting tool? thanks.
P.S - I was able to do this when I installed mysql from source on another system, but this current system I used the Fedora OS rpm to install mysql.
P.S.S - i have not tried downgrading to mysql 3.23 since it worked before on later versions of mysql.

Posted by hgkeh on August 03, 2005 22:25:55

Try installing MySQL 4.0 first, create the ACID/BASE database then only upgrade to 4.1

Posted by hyades on August 04, 2005 13:59:26

Thanks for the reply. Sorry if my original post was not specific enough, but I did install mysql first...before acid/base.

Posted by chris on August 05, 2005 13:28:23

Hi haydes, have you tried creating the AG tables with the debugging option switched on in BASE, or php ?

Posted by Joel_Esler on August 26, 2005 15:42:52

Best place to seek base assitance is on their website base.secureideas.net

Joel Esler
SOURCEfire

Posted by jb8578 on November 16, 2006 06:58:46

Look for the file in /var/www/html/acid

called create_acid_tbls_mysql.sql

These are the SQL commands to create the acid tables.

Now connect to your sql database in terminal and run the commands

Here is an example of creating the acid_ag_alert table:

[root@localhost ~#]# mysql -p
enter password:

mysql>use snort

mysql>CREATE TABLE acid_ag_alert
->(
->ag_id INT UNSIGNED NOT NULL,
->ag_sid INT UNSIGNED NOT NULL,
->ag_cid INT UNSIGNED NOT NULL,
->PRIMARY KEY (ag_id, ag_sid, ag_cid),
->INDEX (ag_id),
->INDEX (ag_sid, ag_cid));


it should be clear by now what you need to do to create the tables

when done creating them run this command

mysql> SHOW TABLES;

you should the 4 new acid tables you just created.

now when you goto http://localhost/acid in your browser
the main acid page should load correctly.




site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.