Snort mailing list archives

Question About Snort - BASE Interface


From: Jim Campbell <jim () w4bqp net>
Date: Wed, 21 Jun 2017 13:59:04 -0400

I have a Snort 2.9.9.0 and BASE 1.4.5 system running in IPS mode. The Snort part of the system is working great. My problem is with the BASE part of the system.

Yesterday BASE had over 8,000 alerts in its cache. I was concerned about the size of the cache so I cleared it. Since then I have been unable to get BASE to display alerts.

My current snort.u2.* file has 47787 bytes of data. BASE reports that it has 948 Total Events and 2 Cached events. If I ask BASE to display alerts it says that "No Alerts were found."

I've had a similar problem in the past but usually sometime later BASE begins displaying alerts without my intervention.

I have restarted Snort, Barnyard2, Apache2 and BASE individually and that doesn't help. I've rebooted the system and it doesn't help. Programs are supposed to function in a predictable manner but BASE doesn't.

Just now, while I was composing this message, BASE began reporting alerts beginning with the time stamp of the snort.u2.* file.

Any suggestions would be much appreciated.

Jim

--
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin
