[Snort-users] Where's Waldo?
allowoverride at ...11827...
Tue Oct 9 23:09:54 EDT 2012
omg, thanks, but I am fully aware of how to troubleshoot. Sorry, I'm not going
to respond to all that... I think it's a bug, been there done that
On Tue, 2012-10-09 at 20:46 -0500, Paul Schmehl wrote:
> --On October 9, 2012 12:08:11 PM -0700 AllowOverride
> <allowoverride at ...11827...> wrote:
> >> Step 5: Verify that base can login to the db and read the alerts
> > it's working - but when I clear the data tables on base browser gui, no
> > new data is being recorded.
> OK. Base does nothing more than to display what's in the database. So, if
> you empty the tables of data and no new data shows up, base is doing its
> job. The problem lies elsewhere.
> > I noticed that if I restart the services, or
> > restart apache2, it will start displaying again... kinda odd, I would
> > have to restart anything, wonders if base is really the right solution
> > at this point, or, maybe there is a switch to flick in it
> In order to do fruitful troubleshooting, you have to take one step at a
> time. Restart one service. Does base start displaying alerts again? Then
> that service is the problem. If you restart several services and base
> starts displaying alerts again, you have no way of knowing which service is
> the problem.
> Your problem sounds like one that used to occur with barnyard2 - lost
> connections to the database - but it's hard to tell without knowing which
> service restarts the alerts.
> Look at the timestamps and sizes on the snort logs. Is it continually
> logging? When the log files turn over, does the new one grow in size?
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
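
The log check suggested in the quoted reply (is the current Snort log still growing, and does the new file grow after it turns over?), as an added example that is not part of the original thread. The `/var/log/snort` directory, the `snort.log` file name prefix and the 60-second sampling interval are assumptions; set them to match the sensor's configuration.

```python
import os
import sys
import time

def snapshot(log_dir, prefix="snort.log"):
    """Map each log file name to (size, mtime). The prefix is an assumption."""
    snap = {}
    with os.scandir(log_dir) as entries:
        for entry in entries:
            if entry.is_file() and entry.name.startswith(prefix):
                st = entry.stat()
                snap[entry.name] = (st.st_size, st.st_mtime)
    return snap

def assess(before, after):
    """Compare two snapshots and classify what the newest log file is doing."""
    if not after:
        return "no-logs"
    current = max(after, key=lambda name: after[name][1])  # most recently written
    if current not in before:
        # The log turned over between samples: is the new file receiving data?
        return "rotated-growing" if after[current][0] > 0 else "rotated-empty"
    if after[current][0] > before[current][0]:
        return "growing"
    return "stalled"

if __name__ == "__main__":
    log_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/log/snort"  # assumed path
    interval = int(sys.argv[2]) if len(sys.argv) > 2 else 60          # assumed interval
    first = snapshot(log_dir)
    time.sleep(interval)
    print(assess(first, snapshot(log_dir)))
```

A result of `stalled` or `rotated-empty` on a sensor that sees traffic means Snort itself has stopped writing. `growing` while BASE stays empty puts the fault after the log, between the log and the database.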