[Snort-users] BASE Error when using Unified to MySQL?
james.lay at ...15009...
Wed Jul 20 15:04:26 EDT 2011
> -----Original Message-----
> From: Michael Steele [mailto:michaels at ...9077...]
> Sent: Tuesday, July 19, 2011 2:49 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] BASE Error when using Unified to MySQL?
> I'm using BASE / MySQL as my front end, and database. This is also a
> new install.
> This is the initial error:
> base\includes\base_cache.inc.php:776: ERROR: 2 alerts have NOT found
> way into acid_event with sid = 1
> Then there are a bunch of these listed below the initial error with
> advancing error numbers (1-130 : 1-131, etc)
> base\includes\base_cache.inc.php:521: ERROR: Alert "1 - 130" could NOT
> found in acid_event
> All the alerts that 'could NOT be found in acid_event' never make it
> the BASE console.
> This doesn't happen when using the output database plugin, only when
> receives unified alerts.
> Refreshing BASE with no alerts to process, is a normal BASE screen.
> Processing any new alerts, cause this to happen, and not all alerts
> to create the error because there are alerts in the BASE console.
> BASE add some alerts ' Added 6 alert(s) to the Alert cache' , and
> there were 8 alerts that failed '(Alert "1 - 158" could NOT be found
> I've seen a lot of inquiries using Google about this exact same
> I've yet to see a resolution.
> Any help would be greatly appreciated. It appears this error is
> platforms. The inquires I've seen are on UNIX and I'm on Windows.
> someone else had this problem, and has a resolution?
> Does the 'sid-msg.map' or 'gen-msg.map' get processed in any way, or
> they used as is from the source files?
> Kindest regards,
What's your setup look like? What versions of snort/barnyard2 are you
using? I've had success with:
I'm logging unified2 and haven't seen any issues thus far.
More information about the Snort-users