[Snort-users] Added 0 alert(s) to the alert cache??

Kevin Johnson kjohnson at ...12400...
Thu Jan 11 23:32:12 EST 2007


On Jan 8, 2007, at 4:11 PM, Luis Torres wrote:
> Hi,
>
> After going through the installation guide found here *http:// 
> www.snort.org/docs/setup_guides/Snort_Base_Minimal.pdf* I see my  
> logfiles as well as the alert one created, I see minimal info on  
> BASE but I keep seeing this message: Added 0 alert(s) to the alert  
> cache
>
> That makes me think something didn't go well. I've looked around  
> for a solution to this but no luck yet.

Sorry for the delay in answering, I have been swamped getting  
everything done so I could attend SANS Bootcamp here in Orlando  
(anyone else for a BoF?)..... The message "Added 0 alerts to the  
alert cache" just means that since the last time you refreshed the  
page, no new alerts have happened.  What happens with the alert cache  
is that as the page is loaded, BASE will cache the alerts into the  
various DB tables.

So basically your system is working correctly, unless Snort is not  
seeing things it should?

Hope that helps,
Kevin

Kevin Johnson GCIA, GCIH, CISSP, CEH
Principal Consultant
Secure Ideas
http://www.secureideas.net



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20070111/d7150f8b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20070111/d7150f8b/attachment.sig>


More information about the Snort-users mailing list