Snort mailing list archives

Re: Anyone using Base?


From: SnortFan <SnortFan () yahoo com>
Date: Sat, 10 Aug 2013 07:34:10 -0400

When comparing Michael's files to mine, I found minor differences in a few. 5 of which were non language supporting 
files. Still none corrected the database errors it is displaying. I temporarily commented out the alerts. I'm still 
troubleshooting the DB errors between other fires at work and will post once I figure it out.

Thanks,
Ed

Sent from a mobile device. 

On Aug 9, 2013, at 7:23 AM, "Michael Steele" <michaels () winsnort com> wrote:

I am not at all of the changes I made through the years. The changes I made were not by me but found from other users. 
I could send you my distribution, but you would need to do a diff on it to find the differences?

Best regards,
Michael...

WINSNORT.com Management…
--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

-----Original Message-----
From: Randal T. Rioux [mailto:randy () procyonlabs com] 
Sent: Friday, August 09, 2013 3:17 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Anyone using Base?

If you (and anyone else) want their changes added to the official BASE distribution, send them to me and I'll squeeze 
out a minor version.

Still working in the background on my new project. But, it'd be nice to support those who still use the one that 
never dies :-)

Randy

On 8/7/2013 5:24 PM, SnortFan wrote:
Hi Michael, 
    If you could zip it, it might fit in an email. I'll use it to 
compare with my files.

Thanks,
Ed

Sent from a mobile device. 

On Aug 7, 2013, at 1:18 PM, "Michael Steele" <michaels () winsnort com> wrote:

Like I said I’m not real sure how I fixed it. There have been a 
multitude of minor fixes to BASE that has spanned over several 
different posts since the last official update of BASE. I have kept 
up with all that I have seen, and if you want to my BASE, let me know 
and I’ll post it.



My WinIDS guides shows setting the error reporting as below. Not sure 
why this was done?

*Original Line(s):* error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
*Change to:* ; error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

I’m using the production.ini, and I have the below set.

display_errors = Off



Best regards,

Michael...






*From:* SnortFan [mailto:SnortFan () yahoo com]
*Sent:* Wednesday, August 07, 2013 9:13 AM
*To:* Y M; snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] Anyone using Base?



I checked my /etc/php.ini file and the display_errors = Off is set.
Would that override the error_reporting setting?



Thanks,

Ed



Sent from a mobile device. 


On Aug 6, 2013, at 5:01 PM, Y M <snort () outlook com> wrote:

   You will have to tune the error/notices notifications in the
   php.ini file to limit them off.  Specifically this line:

   error_reporting  =  E_ALL

   Into this (or something similar):

   error_reporting = E_ALL & ~E_NOTICE


------------------------------------------------------------------------

   *From:* SnortFan <SnortFan () yahoo com>
   *Sent:* 8/6/2013 11:50 PM
   *To:* Y M <snort () outlook com>
   *Subject:* Re: [Snort-users] Anyone using Base?

   I started with a clean install and empty tables and only fed it
   one sensor feed from barnyard 2.1.13. I see alerts but I also get
   the errors. If I refresh sometimes the errors go away. Then
   sometimes on the next refresh there are errors again. I turned on
   all my feeds and alert data is going into the database but these
   errors on the Base interface, sometimes a page full are annoying
   the end users.



   Thanks,

   Ed


   Sent from a mobile device. 


   On Aug 6, 2013, at 4:24 PM, Y M <snort () outlook com> wrote:


       Do you still see alerts on the main_base.php page? Or there
       are no alerts at all?

       Also, try cleaning all tables, not only the acid tables.


------------------------------------------------------------------------

       *From:* SnortFan <SnortFan () yahoo com>
       *Sent:* 8/6/2013 11:13 PM
       *To:* snort-users () lists sourceforge net
       *Subject:* [Snort-users] Anyone using Base?

       Reposting in its own thread. 

       I've seen a lot of posts on acid event errors on the internet
       but no explanation or solution.  I started with a clean
       install on MySQL 5.1.6 using innodb. A clean newly created set
       of base acid tables and then started just one barnyard2 process
       feeding it.  I'm seeing the ERROR: Alert .... could NOT be
       found in acid_event messages upon refreshing the base
       interface. I was hoping that starting with a clean DB would
       get rid of these errors.

       Has anyone ever found a solution? Is it a true error or is it
       because the database is too busy?  Is anyone using base and
       not getting these errors?

       Thanks,
       Ed

       Sent from a mobile device.

       ------------------------------------------------------------------------------
       Get 100% visibility into Java/.NET code with AppDynamics Lite!
       It's a free troubleshooting tool designed for production.
       Get down to code-level detail for bottlenecks, with <2% overhead.
       Download for free and get started troubleshooting in minutes.
       http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
       _______________________________________________
       Snort-users mailing list
       Snort-users () lists sourceforge net
       <mailto:Snort-users () lists sourceforge net>
       Go to this URL to change user options or unsubscribe:
       https://lists.sourceforge.net/lists/listinfo/snort-users
       Snort-users list archive:

http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

       Please visit http://blog.snort.org to stay current on all the
       latest Snort news!


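Added example (not written by any poster in this thread, and not BASE or WinIDS code): a small Python check of how the two php.ini directives discussed above combine. error_reporting selects which levels PHP reports at all, while display_errors separately decides whether reported errors are written into the page that end users see. The sample ini text is constructed, the function names are hypothetical, and the built-in fallback mask is an assumption for PHP 5.4 through 7.x.

```python
# PHP 5.4+ values; E_ALL (32767) includes E_STRICT from 5.4 onward.
LEVELS = {"E_ERROR": 1, "E_WARNING": 2, "E_PARSE": 4, "E_NOTICE": 8,
          "E_STRICT": 2048, "E_DEPRECATED": 8192, "E_ALL": 32767}
# Assumed fallback when error_reporting is commented out (PHP 5.4-7.x).
BUILTIN_DEFAULT = "E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED"

def active_directives(ini_text):
    """Return key -> value for uncommented lines; ';' starts a comment."""
    out = {}
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def mask(expr):
    """Evaluate 'A & ~B & ~C', the only expression form used in the thread."""
    result = 0x7FFF
    for term in expr.split("&"):
        term = term.strip()
        if term.startswith("~"):
            result &= ~LEVELS[term[1:].strip()]
        else:
            result &= int(term) if term.isdigit() else LEVELS[term]
    return result

def audit(ini_text):
    """Report which levels PHP raises and which of them reach the browser."""
    ini = active_directives(ini_text)
    m = mask(ini.get("error_reporting", BUILTIN_DEFAULT))
    reported = sorted(n for n, bit in LEVELS.items() if n != "E_ALL" and m & bit)
    # display_errors is on by default when the directive is absent.
    value = ini.get("display_errors", "1").lower()
    shown = value in ("1", "on", "yes", "true", "stdout")
    return {"mask": m, "reported": reported,
            "rendered_in_page": reported if shown else []}

# Constructed samples modelled on the settings quoted in the thread.
REPORT_ALL_HIDDEN = "error_reporting = E_ALL\ndisplay_errors = Off\n"
NO_NOTICES_SHOWN = "error_reporting = E_ALL & ~E_NOTICE\ndisplay_errors = On\n"
COMMENTED_OUT = ("; error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT\n"
                 "display_errors = Off\n")

if __name__ == "__main__":
    for name in ("REPORT_ALL_HIDDEN", "NO_NOTICES_SHOWN", "COMMENTED_OUT"):
        print(name, audit(globals()[name]))
```

With display_errors off, nothing PHP reports is rendered into the page regardless of the error_reporting mask; the mask still governs what reaches the error log when logging is enabled.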
