Snort mailing list archives

Re: BASE Error when using Unified to MySQL?


From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 20 Jul 2011 13:04:26 -0600



-----Original Message-----
From: Michael Steele [mailto:michaels () winsnort com]
Sent: Tuesday, July 19, 2011 2:49 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] BASE Error when using Unified to MySQL?

I'm using BASE / MySQL as my front end, and database. This is also a brand new install.

This is the initial error:
base\includes\base_cache.inc.php:776: ERROR:  2 alerts have NOT found their way into acid_event with sid = 1

Then there are a bunch of these listed below the initial error with advancing error numbers (1-130 : 1-131, etc)
base\includes\base_cache.inc.php:521: ERROR: Alert "1 - 130" could NOT be found in acid_event

All the alerts that 'could NOT be found in acid_event' never make it into the BASE console.

This doesn't happen when using the output database plugin, only when BASE receives unified alerts.

Refreshing BASE with no alerts to process is a normal BASE screen. Processing any new alerts causes this to happen, and not all alerts appear to create the error because there are alerts in the BASE console.

BASE adds some alerts 'Added 6 alert(s) to the Alert cache', and above that there were 8 alerts that failed (Alert "1 - 158" could NOT be found in acid_event).

I've seen a lot of inquiries using Google about this exact same problem, but I've yet to see a resolution.

Any help would be greatly appreciated. It appears this error is crossing platforms. The inquiries I've seen are on UNIX and I'm on Windows. Maybe someone else had this problem, and has a resolution?

Does the 'sid-msg.map' or 'gen-msg.map' get processed in any way, or are they used as is from the source files?

Kindest regards,
Michael...



Michael,

What's your setup look like?  What versions of snort/barnyard2 are you
using?  I've had success with:

Snort-2.9.0.5
Barnyard2-Version 2.1.10-beta1

I'm logging unified2 and haven't seen any issues thus far.

James
