Re: Archiving events via BASE

[a0037 <a0037 () jl2 example com>]

On Fri, Jun 22, 2007 at 03:23:05AM -0700, David Ryan wrote:
 
> There seems to be a problem with the archiving function, 
> but I don't know if I am using it incorrectly.  I had one 
> particular alert with 15,000+ events, so I went in to the 
> view of unique alerts, selected the relevant icon on the 
> list and selected 'archive (move) selected' from the actions.  
> After a long time the transaction seemed to finish OK, 
> but when I went in to look at it again there was still 
> some large number of these events . . . maybe 5,000+.  
> I checked the archive database and many of the entries 
> had been moved.  I repeated the procedure and it came down 
> to 1,000+ events.  Then I repeated it and it left 1.  
> No matter how many times I repeat, this 1 event will not move.
>
> So, here's the question - how come when I asked BASE to move 
> all the records of a particular type it only moved part of them, 
> and how come it refuses to move the last transaction ?  
> It makes me a bit wary of the archive funtion if it has this 
> type of issue.

Hi,

php knows a timeout for each script. BASE increases this timeout
a little bit, but not enough for such a huge number of alerts.
In base_conf.php look for a line like

        $max_script_runtime = 180;

Set this to 6000 or whatever:

        $max_script_runtime = 6000;

Bye, bye,

Juergen


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users