[Snort-users] BASE Error when using Unified to MySQL?

Michael Steele michaels at ...9077...
Tue Jul 19 16:48:55 EDT 2011


I'm using BASE / MySQL as my front end and database. This is also a brand
new install.

This is the initial error:
base\includes\base_cache.inc.php:776: ERROR:  2 alerts have NOT found their
way into acid_event with sid = 1

Then there are a bunch of these listed below the initial error with
advancing error numbers (1-130 : 1-131, etc) 
base\includes\base_cache.inc.php:521: ERROR: Alert "1 - 130" could NOT be
found in acid_event

All the alerts that 'could NOT be found in acid_event' never make it into
the BASE console.

This doesn't happen when using the output database plugin, only when BASE
receives unified alerts.

Refreshing BASE with no alerts to process results in a normal BASE screen.
Processing any new alerts causes this to happen, and not all alerts appear
to create the error because there are alerts in the BASE console.

BASE adds some alerts ('Added 6 alert(s) to the Alert cache'), and above that
there were 8 alerts that failed (Alert "1 - 158" could NOT be found in
acid_event).

I've seen a lot of inquiries using Google about this exact same problem, but
I've yet to see a resolution.

Any help would be greatly appreciated. It appears this error is crossing
platforms. The inquiries I've seen are on UNIX and I'm on Windows. Maybe
someone else had this problem, and has a resolution?

Does the 'sid-msg.map' or 'gen-msg.map' get processed in any way, or are
they used as is from the source files?

Kindest regards,
Michael...




