[Snort-users] BASE Error when using Unified to MySQL?
michaels at ...9077...
Tue Jul 19 16:48:55 EDT 2011
I'm using BASE / MySQL as my front end and database. This is also a brand
This is the initial error:
base\includes\base_cache.inc.php:776: ERROR: 2 alerts have NOT found their
way into acid_event with sid = 1
Then there are a bunch of these listed below the initial error with
advancing error numbers (1-130 : 1-131, etc)
base\includes\base_cache.inc.php:521: ERROR: Alert "1 - 130" could NOT be
found in acid_event
All the alerts that 'could NOT be found in acid_event' never make it into
the BASE console.
This doesn't happen when using the output database plugin, only when BASE
receives unified alerts.
Refreshing BASE with no alerts to process shows a normal BASE screen.
Processing any new alerts causes this to happen, and not all alerts appear
to create the error because there are alerts in the BASE console.
BASE adds some alerts 'Added 6 alert(s) to the Alert cache', and above that
there were 8 alerts that failed '(Alert "1 - 158" could NOT be found in
I've seen a lot of inquiries using Google about this exact same problem, but
I've yet to see a resolution.
Any help would be greatly appreciated. It appears this error is crossing
platforms. The inquiries I've seen are on UNIX and I'm on Windows. Maybe
someone else had this problem, and has a resolution?
Does the 'sid-msg.map' or 'gen-msg.map' get processed in any way, or are
they used as is from the source files?