Snort mailing list archives

Re: view alerts in base


From: John Gay <john.gay () sourcefire com>
Date: Mon, 20 Apr 2009 17:44:21 -0400

If you are using the database output plugin with Snort 2.8.4 there is a
known issue. A patch was posted the other week. Try using unified output and
something like barnyard to write to the db.

John

On Apr 19, 2009 11:40 AM, "David Kingsly" <davidkingsly () verizon net> wrote:

Greetings-
 I see alerts in mysql and in the alerts folder in /var/logs/snort. But
the BASE page is blank. I checked mysql by logging in using the same
account and password, and I did select * on some tables. But they do
not show up in BASE. Is there a log file I can look at? How can I find
out what is wrong, please? Here are some logs I suspect:

daemon.log:Apr 19 10:47:08 thunder snort[21347]:     Target-based policy: WINDOWS
daemon.log:Apr 19 10:47:14 thunder snort[21351]: database: inconsistent cid information for sid=1
daemon.log.0:Apr 12 12:04:26 thunder snort[20659]:     Target-based policy: WINDOWS
daemon.log.0:Apr 12 12:11:02 thunder snort[20755]:     Target-based policy: WINDOWS
daemon.log.0:Apr 12 12:13:04 thunder snort[20763]:     Target-based policy: WINDOWS
daemon.log.0:Apr 12 12:13:41 thunder snort[20962]:     Target-based policy: WINDOWS
daemon.log.0:Apr 12 15:23:24 thunder snort[29865]:     Target-based policy: WINDOWS
daemon.log.0:Apr 16 20:58:11 thunder snort[5993]:     Target-based policy: WINDOWS
daemon.log.0:Apr 16 20:58:18 thunder snort[5993]: database: inconsistent cid information for sid=1
daemon.log.0:Apr 16 21:35:48 thunder snort[5967]:     Target-based policy: WINDOWS
daemon.log.0:Apr 16 21:35:55 thunder snort[5967]: database: inconsistent cid information for sid=1



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users