Snort mailing list archives
Re: Problems with snort and B.A.S.E
From: Joel Esler <jesler () sourcefire com>
Date: Sat, 11 Apr 2009 17:40:21 -0400
It's been a while but, if I remember correctly, snort doesn't write to acid_event. Base does when you open the base interface. Does base have the proper permissions to mysql?

--
Joel Esler
Sent from my iDevice

On Apr 11, 2009, at 12:59 PM, Stephen Reese <rsreese () gmail com> wrote:

> I also have this problem with Base 1.4.1, Snort 2.8.1, and 5.0.32 on Linux debian 2.6.18-6-686 compiled with ./configure --with-mysql --with-snmp --enable-dynamicplugin
>
> Snort is writing to 'event' but not 'acid_event'.
>
> On Wed, Feb 11, 2009 at 3:48 PM, Kaustubh Gadkari <kaustubh.gadkari () gmail com> wrote:
>
> > You should be seeing some of these in the mysql query log: INSERT INTO acid_event (sid,cid,signature,timestamp,etc.
> >
> > I do see these events in the mysql query log, but base still shows nothing :(
> >
> > Kaustubh
> >
> > Those are snort events being inserted into the base table structure by base (see the base/includes/base_cache.inc.php file). Perhaps the query log has an error in it that will tip you off to what the problem might be? Perhaps try dropping and recreating the tables? Rerun the base setup routine?
> >
> > Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer.
> > WARNING: Check the headers before replying
> >
> > --
> > Kaustubh Gadkari
> > kaustubh [dot] gadkari [at] gmail [dot] com
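The checks suggested in this thread, written out as an added example that is not part of any poster's message. The database name `snort` and the account `'base'@'localhost'` are placeholders for whatever the local BASE configuration uses; the table and column names are the ones quoted in the thread.

```sql
-- Added diagnostic example; not from the thread.
-- Assumptions: the Snort database is named `snort` and BASE connects
-- as 'base'@'localhost'. Substitute the values from your BASE config.
USE snort;

-- 1. Snort's database output fills `event`; BASE fills `acid_event`
--    when its interface is opened. A large gap between the two counts
--    means BASE's cache update is not completing.
SELECT (SELECT COUNT(*) FROM event)      AS snort_events,
       (SELECT COUNT(*) FROM acid_event) AS base_cached_events;

-- 2. The most recent alerts that exist in `event` but have no
--    matching (sid, cid) row in `acid_event` yet.
SELECT e.sid, e.cid, e.signature, e.timestamp
FROM event AS e
LEFT JOIN acid_event AS a
       ON a.sid = e.sid AND a.cid = e.cid
WHERE a.cid IS NULL
ORDER BY e.timestamp DESC
LIMIT 20;

-- 3. Privileges of the account BASE uses. It must be able to INSERT
--    into acid_event for the INSERT statements quoted above to succeed.
SHOW GRANTS FOR 'base'@'localhost';
```

If query 2 keeps returning the same rows after the BASE interface has been loaded, compare the grants from query 3 with any errors recorded next to the `INSERT INTO acid_event` statements in the MySQL query log.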
Current thread:
- Re: Problems with snort and B.A.S.E Stephen Reese (Apr 11)
- Re: Problems with snort and B.A.S.E Joel Esler (Apr 11)
- Re: Problems with snort and B.A.S.E Stephen Reese (Apr 11)
- Re: Problems with snort and B.A.S.E Joel Esler (Apr 11)