Re: Where's Waldo?

[AllowOverride <allowoverride () gmail com>]

hey paul, thanks man! 

On Thu, 2012-10-11 at 22:17 -0500, Paul Schmehl wrote:
> Look in the base config file (base_conf.php).  You will find these 
> configuration options:
>
> $refresh_stat_page = 1;
> $refresh_all_pages = 0;
> $stat_page_refresh_time = 180;
>
> If 3 minutes is too long a refresh time for you, change it.
>
> --On October 11, 2012 5:08:19 PM -0700 AllowOverride 
> <allowoverride () gmail com> wrote:
>
> > base is working, just not refreshing new data after clearing tables with
> > radio button on base gui.
> >
> > not a biggy, it still logs after a short while, havent found exact times
> > though, but i would say less than 24 hours it will populate base gui
> > again. just odd...
> >
> > On Thu, 2012-10-11 at 18:05 -0400, Michael Steele wrote:
> > > BASE is a great place to start out. Maybe when you get everything working
> > > properly then make the switch.
> > >
> > > BASE is a viable option, it may not have a developer behind it right now,
> > > but it's viable as a snort console.
> > >
> > > Michael...
> > >
> > > -----Original Message-----
> > > From: AllowOverride [mailto:allowoverride () gmail com]
> > > Sent: Thursday, October 11, 2012 5:38 PM
> > > To: Peter Bates
> > > Cc: snort-users () lists sourceforge net
> > > Subject: Re: [Snort-users] Where's Waldo?
> > >
> > > im looking into snorby, since base is dead... thanks
> > >
> > > On Thu, 2012-10-11 at 20:58 +0100, Peter Bates wrote:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > >
> > > > Hello all
> > > >
> > > > On 11/10/2012 20:29, AllowOverride wrote:
> > > > > just a test, i will clear tables, and close browser, come back in 1
> > > > > hour increments, and see if that is the issue, it takes an hour to
> > > > > input new data after base clear table buttons have cleared. im
> > > > > assume there is a switch in the configs to make it quicker.
> > > >
> > > > I've never personally looked for the option to clear tables in BASE
> > > > but I can say I use a script called archivesnort.pl which moves alerts
> > > > after 7 days to the archive DB and deletes them after 30.
> > > >
> > > > If that is available with BASE I'd suggest you try that - i.e.
> > > > modifying the database outside of the web interface - if you can't
> > > > find it I can post it to the ML.
> > > >
> > > > That's what we do and I've never seen the problem you're describing.
> > > >
> > > > Alternatively, why not look at Snorby as a WUI - that has an inbuilt
> > > > option to trim(*) the database after a fixed number of events.
> > > >
> > > > * - by trim I mean 'delete oldest events but not the entire contents
> > > > of the table' - I can't think of a better word.
> > > >
> > > > - --
> > > > Peter Bates
> > > > Senior Computer Security Officer    Phone: +44(0)2076792049
> > > > Information Services Division        Internal Ext: 32049
> > > > University College London
> > > > London WC1E 6BT
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.4.11 (Darwin)
> > > > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> > > >
> > > > iQEcBAEBAgAGBQJQdyTUAAoJELhVoVpEMS6RsvgH/iJ00PzneI6hlwoFiZz2Xtab
> > > > D+T9Xr69BcHxlZ8FLpWWkkJQWxaeLIIQUKs6yWdkeD3Nn+8P9prpHFfdCeIV55a4
> > > > ICMyIuPj09EMMWyTLQzO2+VZwYh4RmJ4e/XuyD2VAfYobScJdrz6/fHsV6mn0Bm/
> > > > J3SaKlYA4Wm/ou+x5rvJW3J9gSOpQoLfLTUBqBnr3yv8SxiKJQw1WZvYHr2LF0lb
> > > > NxgaQlNjVZtokg0B3fIj6Dhhyecj7M+tjrSs0wqqXd5rU1oOgvDwdiLr1LfYNCAs
> > > > zBd87P9j1mVF9VlLgBhtLr+3/jOVIGAooQK4QWOtLtASmrlBOp7H4rhhIxvP5oQ=
> > > > =S82d
> > > > -----END PGP SIGNATURE-----
> > > >
> > > >
> > > > ----------------------------------------------------------------------
> > > > -------- Don't let slow site performance ruin your business. Deploy
> > > > New Relic APM Deploy New Relic app performance management and know
> > > > exactly what is happening inside your Ruby, Python, PHP, Java, and
> > > > .NET app Try New Relic at no cost today and get our sweet Data Nerd
> > > > shirt too!
> > > > http://p.sf.net/sfu/newrelic-dev2dev
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users () lists sourceforge net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > >
> > > > Please visit http://blog.snort.org to stay current on all the latest
> > > > Snort
> > > news!
> > >
> > >
> > > ------------------------------------------------------------------------
> > > ---- --
> > > Don't let slow site performance ruin your business. Deploy New Relic APM
> > > Deploy New Relic app performance management and know exactly what is
> > > happening inside your Ruby, Python, PHP, Java, and .NET app Try New
> > > Relic at no cost today and get our sweet Data Nerd shirt too!
> > > http://p.sf.net/sfu/newrelic-dev2dev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest
> > > Snort news!
> >
> >
> > -------------------------------------------------------------------------
> > ----- Don't let slow site performance ruin your business. Deploy New
> > Relic APM Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
>
>
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell


------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!