[Snort-users] view alerts in base

Lee Clemens snort at ...13080...
Mon Apr 20 17:19:00 EDT 2009


Can you send the output of

select * from `schema`;


-----Original Message-----
From: David Kingsly [mailto:davidkingsly at ...3147...] 
Sent: Sunday, April 19, 2009 10:45 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] view alerts in base

Just to add to this previous post.  I do not seem to have a sensor id in
my table.  I saw some posts regarding this being the reason for alerts
not showing up in BASE:
mysql> show tables;
+------------------+
| Tables_in_snort  |
+------------------+
| acid_ag          | 
| acid_ag_alert    | 
| acid_event       | 
| acid_ip_cache    | 
| base_roles       | 
| base_users       | 
| data             | 
| detail           | 
| encoding         | 
| event            | 
| icmphdr          | 
| iphdr            | 
| opt              | 
| reference        | 
| reference_system | 
| schema           | 
| sensor           | 
| sig_class        | 
| sig_reference    | 
| signature        | 
| tcphdr           | 
| udphdr           | 
+------------------+
22 rows in set (0.00 sec)

mysql> select * from sensor;
Empty set (0.00 sec)

I do however see alerts in the mysql database.


On Sun, 2009-04-19 at 13:27 -0400, David Kingsly wrote:
> Greetings-
>   I see alerts in mysql and in alerts folder in /var/logs/snort.  But
> base page is blank. I checked mysql by logging in using the same
> account, and password, and I did select * on some tables.  But they do
> not show up in Base.  Is there a log file I can look at?  How can I find
> out what is wrong please?  Here are some logs I suspect:
> 
> daemon.log:Apr 19 10:47:08 thunder snort[21347]:     Target-based policy: WINDOWS
> daemon.log:Apr 19 10:47:14 thunder snort[21351]: database: inconsistent cid information for sid=1
> daemon.log.0:Apr 12 12:04:26 thunder snort[20659]:     Target-based policy: WINDOWS
> daemon.log.0:Apr 12 12:11:02 thunder snort[20755]:     Target-based policy: WINDOWS
> daemon.log.0:Apr 12 12:13:04 thunder snort[20763]:     Target-based policy: WINDOWS
> daemon.log.0:Apr 12 12:13:41 thunder snort[20962]:     Target-based policy: WINDOWS
> daemon.log.0:Apr 12 15:23:24 thunder snort[29865]:     Target-based policy: WINDOWS
> daemon.log.0:Apr 16 20:58:11 thunder snort[5993]:     Target-based policy: WINDOWS
> daemon.log.0:Apr 16 20:58:18 thunder snort[5993]: database: inconsistent cid information for sid=1
> daemon.log.0:Apr 16 21:35:48 thunder snort[5967]:     Target-based policy: WINDOWS
> daemon.log.0:Apr 16 21:35:55 thunder snort[5967]: database: inconsistent cid information for sid=1


More information about the Snort-users mailing list
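
Added example, not part of the original thread or of Snort/BASE: the thread reports alerts in the database, an empty `sensor` table and "inconsistent cid information for sid=1" in the log, so this sketch cross-checks `event` against `sensor` per sensor id. The column names (`sid`, `cid`, `last_cid`, `hostname`) are assumed from the stock Snort schema, the rows are constructed, and SQLite stands in for MySQL only so the check runs offline.

```python
import sqlite3

# Constructed stand-in for the two Snort tables the thread examines.
# Column names are assumed from the stock Snort schema.
SETUP = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, last_cid INTEGER);
CREATE TABLE event  (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT);
"""

# Per sensor id seen in event: alert count, highest cid, and the matching
# sensor row (NULL columns when the sensor table has no such sid).
CHECK = """
SELECT e.sid, COUNT(*) AS events, MAX(e.cid) AS max_cid,
       s.sid AS sensor_sid, s.last_cid
FROM event e LEFT JOIN sensor s ON s.sid = e.sid
GROUP BY e.sid, s.sid, s.last_cid
ORDER BY e.sid
"""

def audit(conn):
    """Return (sid, events, problem) tuples; problem is None when consistent."""
    findings = []
    for sid, events, max_cid, sensor_sid, last_cid in conn.execute(CHECK):
        if sensor_sid is None:
            problem = "no sensor row for this sid"
        elif last_cid is None or last_cid < max_cid:
            problem = f"sensor.last_cid={last_cid} behind max event cid={max_cid}"
        else:
            problem = None
        findings.append((sid, events, problem))
    return findings

def demo_db():
    """Constructed data: sid 1 has events but no sensor row (the case in the
    thread); sid 2 has a stale last_cid; sid 3 is consistent."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    conn.executemany("INSERT INTO sensor VALUES (?,?,?)",
                     [(2, "sensor-b", 1), (3, "sensor-c", 2)])
    conn.executemany("INSERT INTO event VALUES (?,?,?,?)",
                     [(1, 1, 10, "2009-04-19 10:47:14"), (1, 2, 10, "2009-04-19 10:48:00"),
                      (2, 1, 11, "2009-04-19 10:50:00"), (2, 2, 11, "2009-04-19 10:51:00"),
                      (3, 1, 12, "2009-04-19 10:52:00"), (3, 2, 12, "2009-04-19 10:53:00")])
    return conn

if __name__ == "__main__":
    for row in audit(demo_db()):
        print(row)
```

The `CHECK` query uses only standard SQL, so it can be pasted into the `mysql>` prompt against the real `snort` database.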