[Snort-users] Where's Waldo?

AllowOverride allowoverride at ...11827...
Wed Oct 10 11:36:42 EDT 2012


huh? I know what Base does.. did you just make a grammar correction...
good friggen grief... 

On Tue, 2012-10-09 at 22:56 -0500, Paul Schmehl wrote:
> Base doesn't produce anything.  It displays what's in the database.  If 
> there's nothing in the database that's what base will display - nothing.
> 
> --On October 9, 2012 8:07:49 PM -0700 AllowOverride 
> <allowoverride at ...11827...> wrote:
> 
> > not so simple, then why does it not continue to produce data, I set a
> > constant ping, it logs to base, I clear tables, I refresh page, it
> > should still show data logging, that's the bug, OR it's Mozilla FF
> >
> > On Tue, 2012-10-09 at 20:46 -0500, Paul Schmehl wrote:
> >> --On October 9, 2012 12:08:11 PM -0700 AllowOverride
> >> <allowoverride at ...11827...> wrote:
> >>
> >> >> Step 5: Verify that base can login to the db and read the alerts
> >> > it's working - but when I clear the data tables on base browser gui, no
> >> > new data is being recorded.
> >>
> >> OK.  Base does nothing more than to display what's in the database.  So,
> >> if you empty the tables of data and no new data shows up, base is doing
> >> its job.  The problem lies elsewhere.
> >>
> >> > I noticed that if I restart the services, or
> >> > restart apache2, it will start displaying again... kinda odd, I would
> >> > have to restart anything, wonders if base is really the right solution
> >> > at this point, or, maybe there is a switch to flick in it
> >>
> >> In order to do fruitful troubleshooting, you have to take one step at a
> >> time.  Restart one service.  Does base start displaying alerts again?
> >> Then that service is the problem.  If you restart several services and
> >> base starts displaying alerts again, you have no way of knowing which
> >> service is the problem.
> >>
> >> Your problem sounds like one that used to occur with barnyard2 - lost
> >> connections to the database - but it's hard to tell without knowing
> >> which service restarts the alerts.
> >>
> >> Look at the timestamps and sizes on the snort logs.  Is it continually
> >> logging?  When the log files turn over, does the new one grow in size?
> >>
> >> Paul Schmehl, Senior Infosec Analyst
> >> As if it wasn't already obvious, my opinions
> >> are my own and not those of my employer.
> >> *******************************************
> >> "It is as useless to argue with those who have
> >> renounced the use of reason as to administer
> >> medication to the dead." Thomas Jefferson
> >> "There are some ideas so wrong that only a very
> >> intelligent person could believe in them." George Orwell
> >>
> >
> >
> 
> 
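
The log check suggested in the quoted advice (is the newest Snort log file still growing, and does a new file grow after the logs turn over?) can be scripted. This is an added example, not part of the original thread; the function names and the directory in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: decide whether the newest log file in a directory is growing.
# Usage (directory is an assumed path, adjust to your sensor):
#   check_logging /var/log/snort 30

# snapshot DIR: print "<size-in-bytes> <path>" for the newest regular file in DIR.
snapshot() {
    snap_newest=""
    for snap_f in "$1"/*; do
        [ -f "$snap_f" ] || continue
        if [ -z "$snap_newest" ] || [ "$snap_f" -nt "$snap_newest" ]; then
            snap_newest=$snap_f
        fi
    done
    if [ -z "$snap_newest" ]; then return 1; fi
    printf '%s %s\n' "$(( $(wc -c < "$snap_newest") ))" "$snap_newest"
}

# verdict BEFORE AFTER: compare two snapshots taken some seconds apart.
verdict() {
    v_size1=${1%% *}; v_path1=${1#* }
    v_size2=${2%% *}; v_path2=${2#* }
    if [ "$v_path1" != "$v_path2" ]; then
        # The log turned over: the new file has to grow from zero.
        if [ "$v_size2" -gt 0 ]; then echo "rotated-growing"; else echo "rotated-empty"; fi
    elif [ "$v_size2" -gt "$v_size1" ]; then
        echo "growing"
    else
        echo "stalled"
    fi
}

# check_logging DIR SECONDS: sample twice, SECONDS apart, and print the verdict.
check_logging() {
    cl_before=$(snapshot "$1") || { echo "no-log-files"; return 2; }
    sleep "$2"
    cl_after=$(snapshot "$1") || { echo "no-log-files"; return 2; }
    verdict "$cl_before" "$cl_after"
}
```

Run it while the test traffic (the constant ping) is flowing: "growing" or "rotated-growing" with an empty BASE display means the sensor is writing and the loss is further down the chain, while "stalled" or "rotated-empty" means the sensor itself has stopped logging.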




