Snort mailing list archives
Re: Anyone using Base?
From: SnortFan <SnortFan () yahoo com>
Date: Wed, 7 Aug 2013 17:24:24 -0400
Hi Michael,
If you could zip it, it might fit in an email. I'll use it to compare will my files.
Thanks,
Ed
Sent from a mobile device.
On Aug 7, 2013, at 1:18 PM, "Michael Steele" <michaels () winsnort com> wrote:
Like I said I’m not real sure how I fixed it. There have been a multitude of minor fixes to BASE that has spanned over several different posts since the last official update of BASE. I have kept up with all that I have seen, and if you want to my BASE, let me know and I’ll post it. My WinIDS guides shows setting the error reporting as below. Not sure why this was done? Original Line(s): error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT Change to: ; error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT I’m using the production.ini, and I have the below set. display_errors = Off Best regards, Michael... WINSNORT.com Management… -- ****************** Established ~ 2001 ******************* * Visit Us @ http://www.winsnort.com * * ~~ FREE WinIDS Snort installation guides ~~ * * ~~ FREE support forums ~~ * * Snort: Open Source Network IDS - http://www.snort.org * ********************************************************* From: SnortFan [mailto:SnortFan () yahoo com] Sent: Wednesday, August 07, 2013 9:13 AM To: Y M; snort-users () lists sourceforge net Subject: Re: [Snort-users] Anyone using Base? I checked my /etc/php.ini file and the display_errors = Off is set. Would that over ride the error_reporting setting? Thanks, Ed Sent from a mobile device. On Aug 6, 2013, at 5:01 PM, Y M <snort () outlook com> wrote: You will have to tune the error/notices notifications in the php.ini file to limit them off. Specifically this line: error_reporting = E_ALL Into this (or something similar): error_reporting = E_ALL & ~E_NOTICE From: SnortFan Sent: 8/6/2013 11:50 PM To: Y M Subject: Re: [Snort-users] Anyone using Base? I started with a clean install and empty tables and only fed it one sensor feed from barnyard 2.1.13. I see alerts but I also get the errors. If I refresh sometimes the errors go away. Then sometimes on the next refresh there are errors again. I turned on all my feeds and alert data is going into the database but these errors on the Base interface, some times a page full are annoying the end users. Thanks, Ed <image.jpeg> Sent from a mobile device. On Aug 6, 2013, at 4:24 PM, Y M <snort () outlook com> wrote: Do you still see alerts on the main_base.php page? Or there are no alerts at all? Also, try cleaning all tables, not only the acid tables. From: SnortFan Sent: 8/6/2013 11:13 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Anyone using Base? Reposting in its own thread. I've seen a lot if posts on acid event errors on the internet but no explanation or solution. I started with a clean install on MySQL 5.1.6 using innodb. A clean newly created set of base acid tables and the started just one barnyard2 process feeding it. I'm seeing the ERROR: Alert .... could NOT be found in acid_event messages upon refreshing the base interface. I was hoping that starting with a clean DB would get rid of these errors. Has anyone ever found a solution? Is it a true error or is it because the database is too busy? Is anyone using base and not getting these errors? Thanks, Ed Sent from a mobile device. ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Anyone using Base? SnortFan (Aug 06)
- Re: Anyone using Base? Michael Steele (Aug 06)
- Re: Anyone using Base? SnortFan (Aug 07)
- <Possible follow-ups>
- Re: Anyone using Base? Y M (Aug 06)
- Re: Anyone using Base? SnortFan (Aug 07)
- Re: Anyone using Base? Michael Steele (Aug 07)
- Re: Anyone using Base? SnortFan (Aug 07)
- Re: Anyone using Base? Randal T. Rioux (Aug 09)
- Re: Anyone using Base? Michael Steele (Aug 09)
- Re: Anyone using Base? SnortFan (Aug 10)
- Re: Anyone using Base? Michael Steele (Aug 07)
- Re: Anyone using Base? Michael Steele (Aug 06)