Snort mailing list archives
Re: Problems with snort and B.A.S.E
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Tue, 10 Feb 2009 22:45:16 -0600
--On February 10, 2009 10:21:55 PM -0600 Kaustubh Gadkari <kaustubh.gadkari () gmail com> wrote:
So snort is putting events in the db, but base isn't seeing them. Did you edit the base_conf.php file to reflect the proper db type, name and credentials for your setup?Yes. The credentials are right, and so is the db type.Have you enabled sql debugging in the base_conf.php file so you can see what's going on?I did, and it looks like base can connect to the db. Is there anything in particular I should be looking for?
Normal behavior for base is as follows:If you drop the tables and recreate them, base will repopulate them from what's in the "snort" tables (those created by the snort table creation script.) IOW, the base tables are independent of but dependent upon the snort tables. For some reason, even though you have confirmed that snort is writing data to the db, base isn't moving that data into its tables. Since you've confirmed most of the basics already, I'm not not sure what to think at this point. Perhaps look at the mysql logs and see if you spot anything there that might explain why those tables aren't being written to.
You should be seeing some of these in the mysql query log: INSERT INTO acid_event (sid,cid,signature,timestamp,etc.Those are snort events being inserted into the base table structure by base (see the base/includes/base_cache.inc.php file). Perhaps the query log has an error in it that will tip you off to what the problem might be?
Perhaps try dropping and recreating the tables? Rerun the base setup routine?
Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ****************************************** WARNING: Check the headers before replying
Attachment:
_bin
Description:
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 11)
- Re: Problems with snort and B.A.S.E Lee Clemens (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Kaustubh Gadkari (Feb 10)
- Re: Problems with snort and B.A.S.E Paul Schmehl (Feb 10)