What Would You Say It Is You Do Here? (http://blog.vitriol.net/)

Sunday, April 05, 2009

Adding a snort_archive Database to an Existing Snort/BASE Installation

1. Create snort_archive database and assign permissions to snort user

$ mysql -u root -p
mysql> create database snort_archive;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort_archive.* to snort@localhost;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort_archive.* to snort;
mysql> exit

The snort account already exists on a working Snort/BASE install, so the first grant only extends it to the new database. The second grant targets snort@'%' (any host); on older MySQL versions (before NO_AUTO_CREATE_USER became the default in 5.7) a GRANT to an account that does not yet exist silently creates it with an empty password, so leave that line out unless BASE really connects to MySQL from another machine, and check afterwards which snort accounts exist in mysql.user. CREATE is on the list because BASE creates its own tables in the archive database the first time it opens it.

2. Set up tables using schema from snort

$ cd $SNORT_SOURCE_DIRECTORY/schemas
$ mysql -u root -p snort_archive < create_mysql

3. Export existing snort database

$ mysqldump -u root -p snort > snort-backup.sql

If Snort is still logging while this runs, note that mysqldump locks MyISAM tables for the duration of the dump by default; for InnoDB tables, --single-transaction takes a consistent snapshot without blocking the writer.

4. Import snort database into snort_archive

$ mysql -u root -p snort_archive < snort-backup.sql

The dump contains DROP TABLE IF EXISTS statements, so this import replaces the empty tables created in step 2 with copies of the live ones. Compare a row count (for example of the event table) in both databases before going on.

5. Modify base_conf.php to enable archive database

$archive_exists = 1; # Set this to 1 if you have an archive DB
$archive_dbname = 'snort_archive';
$archive_host = 'localhost';
$archive_port = '';
$archive_user = 'snort';
$archive_password = '$PASSWORD';

Note the leading $ on archive_exists; without it PHP rejects the file with a parse error. $PASSWORD stands for the password of the snort database user, and an empty $archive_port means the default MySQL port. The user and host here must match the account granted in step 1.

6. At BASE home page, select link "Use archive database"
7. Select Total alerts link (the number of total alerts)
8. Select Delete alerts for entire query

If BASE has not opened snort_archive before, it first offers to create its own tables in it (this is what the CREATE privilege from step 1 is for). "Delete alerts for entire query" removes every alert from whichever database BASE is currently pointed at, so check that the page still shows the archive database before accepting the deletion.
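The following is an added example, not code from the original post: a POSIX shell script that carries out steps 1 through 5 above with the checks a practitioner would want around them. It grants the archive privileges only to the existing host-scoped account rather than to a bare snort (wildcard host), compares event counts after the import, and verifies that the base_conf.php edit carries the leading $. Everything beyond the post's own commands is an assumption: mysql and mysqldump on PATH, the root password supplied through ~/.my.cnf or MYSQL_PWD, the variable names SNORT_SRC and BASE_CONF with their default paths, and the convention that the script only touches the database when invoked with the argument run.

```shell
#!/bin/sh
# Added example (not from the original post): scripts steps 1 to 5 of the
# snort_archive procedure with three additions:
#  - grants go only to the existing 'snort'@'localhost' account; no bare
#    "to snort", which on older MySQL could auto-create 'snort'@'%'
#  - event counts in the live and archive databases are compared
#  - base_conf.php is checked for the leading "$" that PHP requires
# Assumptions: mysql/mysqldump on PATH; root password via ~/.my.cnf or
# MYSQL_PWD; SNORT_SRC and BASE_CONF (hypothetical names, assumed defaults).

LIVE_DB="${LIVE_DB:-snort}"
ARCHIVE_DB="${ARCHIVE_DB:-snort_archive}"
DB_USER="${DB_USER:-snort}"
DB_HOST="${DB_HOST:-localhost}"
SNORT_SRC="${SNORT_SRC:-/usr/local/src/snort}"          # assumed path
BASE_CONF="${BASE_CONF:-/var/www/base/base_conf.php}"   # assumed path

# Step 1: SQL for the archive database and its grants. The account must
# already exist (it does on a working install); the host is never "%".
# The final SELECT lists every snort account so a stray '%' entry shows up.
archive_grant_sql() {
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$1\`;
GRANT CREATE, INSERT, SELECT, DELETE, UPDATE ON \`$1\`.* TO '$2'@'$3';
FLUSH PRIVILEGES;
SELECT user, host FROM mysql.user WHERE user = '$2';
EOF
}

# Step 5 check: both assignments must be present with a leading "$"
# ("archive_exists = 1;" as written in the post is a PHP parse error).
# Returns 0 when the file is acceptable.
check_base_conf() {
    grep -Eq '^[[:space:]]*\$archive_exists[[:space:]]*=[[:space:]]*1[[:space:]]*;' "$1" &&
    grep -Eq '^[[:space:]]*\$archive_dbname[[:space:]]*=' "$1"
}

# Row count of the Snort "event" table in the given database.
event_count() {
    mysql -u root -N -B -e 'SELECT COUNT(*) FROM event' "$1"
}

main() {
    set -e
    # Step 1
    archive_grant_sql "$ARCHIVE_DB" "$DB_USER" "$DB_HOST" | mysql -u root
    # Step 2: load the Snort schema. mysqldump's default --add-drop-table
    # means step 4 recreates these tables anyway; kept to match the post.
    mysql -u root "$ARCHIVE_DB" < "$SNORT_SRC/schemas/create_mysql"
    # Steps 3 and 4: dump the live database and load it into the archive.
    # --single-transaction gives a consistent snapshot of InnoDB tables
    # without locking the live database while Snort is still writing.
    mysqldump -u root --single-transaction "$LIVE_DB" > snort-backup.sql
    mysql -u root "$ARCHIVE_DB" < snort-backup.sql
    # Verify the copy before touching anything in BASE.
    live=$(event_count "$LIVE_DB")
    arch=$(event_count "$ARCHIVE_DB")
    if [ "$live" -ne "$arch" ]; then
        echo "event count mismatch: live=$live archive=$arch" >&2
        exit 1
    fi
    echo "archive holds $arch events"
    # Step 5
    if ! check_base_conf "$BASE_CONF"; then
        echo "$BASE_CONF: archive settings missing or lack the leading \$" >&2
        exit 1
    fi
}

# Touch the database only when explicitly asked, so the functions can be
# sourced or tested on their own.
if [ "${1:-}" = run ]; then
    main
fi
```

Run it as `sh snort_archive.sh run` after reviewing the hosts printed by the step 1 SELECT; steps 6 to 8 are still done in the BASE web interface.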
