Snort mailing list archives

BASE Error when using Unified to MySQL?

From: "Michael Steele" <michaels () winsnort com>
Date: Tue, 19 Jul 2011 16:48:55 -0400

I'm using BASE / MySQL  as my front end, and database. This is also a brand
new install.

This is the initial error:
base\includes\base_cache.inc.php:776: ERROR:  2 alerts have NOT found their
way into acid_event with sid = 1

Then there are a bunch of these listed below the initial error with
advancing error numbers (1-130 : 1-131, etc) 
base\includes\base_cache.inc.php:521: ERROR: Alert "1 - 130" could NOT be
found in acid_event

All the alerts that 'could NOT be found in acid_event' never make it into
the BASE console.

This doesn't happen when using the output database plugin, only when BASE
receives unified alerts.

Refreshing BASE with no alerts to process, is a normal BASE screen.
Processing any new alerts, cause this to happen, and not all alerts appear
to create the error because there are alerts in the BASE console.

BASE add some alerts ' Added 6 alert(s) to the Alert cache' , and above that
there were 8 alerts that failed '(Alert "1 - 158" could NOT be found in
acid_event).

I've seen a lot of inquiries using Google about this exact same problem, but
I've yet to see a resolution.

Any help would be greatly appreciated. It appears this error is crossing
platforms. The inquires I've seen are on UNIX and I'm on Windows. Maybe
someone else had this problem, and has a resolution?

Does the 'sid-msg.map' or 'gen-msg.map' get processed in any way, or are
they used as is from the source files?

Kindest regards,
Michael...


------------------------------------------------------------------------------
Magic Quadrant for Content-Aware Data Loss Prevention
Research study explores the data loss prevention market. Includes in-depth
analysis on the changes within the DLP market, and the criteria used to
evaluate the strengths and weaknesses of these DLP solutions.
http://www.accelacomm.com/jaw/sfnl/114/51385063/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation

Current thread:

BASE Error when using Unified to MySQL? Michael Steele (Jul 19)
- Re: BASE Error when using Unified to MySQL? Lay, James (Jul 20)