[Snort-users] Where's Waldo?

AllowOverride allowoverride at ...11827...
Wed Oct 10 14:17:09 EDT 2012


Hi Mike,

Yes, I have gone over the troubleshooting steps a few times over, but I
have had the same issues. As for base-1.4.5, that was my final step. It is
logging fine now; I may have a few more questions if I cannot find the
info in the docs/readmes/howtos and so forth.

I ask here since base was heavily promoted over time, and some still
use it. I figure they might have had the same issue:

data > mysql > base > clean tables > base without manually doing
something will start to input data to base again to view.

I did mention I'm using FF and the version, and how I restarted each piece
per the instructions given and my own knowledge; however, it still exists.

A. It's a bug - someone has seen it before
B. It's Mozilla FF
C. Something in the plethora of base confs needs to be turned on.
D. It's a bug - no one else has seen it

Thanks for your input and tude ;)

On Wed, 2012-10-10 at 13:43 -0400, Michael Steele wrote:
> This is not a BUG in BASE, you have a self-inflicted injury to another
> support program.
>
> Go back and read all the replies that you have received from all the users
> to you from this list. The answer as to how to troubleshoot is all there.
> You are going all back over the same problems multiple times, and no I'm not
> going to go back through all the emails and point out the ones you need to
> read.
> 
> Michael...
> 
> -----Original Message-----
> From: AllowOverride [mailto:allowoverride at ...11827...] 
> Sent: Wednesday, October 10, 2012 11:38 AM
> To: Paul Schmehl
> Cc: snort-users
> Subject: Re: [Snort-users] Where's Waldo?
> 
> Who is "we've"? You represent everyone? Who the hell are you...
> I don't need your kind of help. Go away.
> 
> On Tue, 2012-10-09 at 22:58 -0500, Paul Schmehl wrote:
> > It's a very strange bug.  It only exists on your system.
> > 
> > We've been using base for as long as it's existed, and our copy has 
> > never had that bug.
> > 
> > --On October 9, 2012 8:09:54 PM -0700 AllowOverride 
> > <allowoverride at ...11827...> wrote:
> > 
> > > OMG... thanks, but I am fully aware of how to troubleshoot. Sorry, I'm
> > > not going to respond to all that... I think it's a bug, been there
> > > done that
> > >
> > > On Tue, 2012-10-09 at 20:46 -0500, Paul Schmehl wrote:
> > >> --On October 9, 2012 12:08:11 PM -0700 AllowOverride 
> > >> <allowoverride at ...11827...> wrote:
> > >>
> > >> >> Step 5: Verify that base can login to the db and read the alerts
> > >> > It's working - but when I clear the data tables on the base browser
> > >> > GUI, no new data is being recorded.
> > >>
> > >> OK.  Base does nothing more than to display what's in the database.  
> > >> So, if  you empty the tables of data and no new data shows up, base 
> > >> is doing its  job.  The problem lies elsewhere.
> > >>
> > >> > I noticed that if I restart the services, or restart apache2, it
> > >> > will start displaying again... kind of odd that I would have to
> > >> > restart anything. I wonder if base is really the right solution at
> > >> > this point, or maybe there is a switch to flick in it.
> > >>
> > >> In order to do fruitful troubleshooting, you have to take one step 
> > >> at a time.  Restart one service.  Does base start displaying alerts
> > >> again?
> > >> Then  that service is the problem.  If you restart several services 
> > >> and base  starts displaying alerts again, you have no way of 
> > >> knowing which service is  the problem.
> > >>
> > >> Your problem sounds like one that used to occur with barnyard2 - 
> > >> lost connections to the database - but it's hard to tell without 
> > >> knowing which  service restarts the alerts.
> > >>
> > >> Look at the timestamps and sizes on the snort logs.  Is it
> > >> continually logging?  When the log files turn over, does the new one
> > >> grow in size?
> > >>
> > >> Paul Schmehl, Senior Infosec Analyst
> > >> As if it wasn't already obvious, my opinions are my own and not those
> > >> of my employer.
> > >> *******************************************
> > >> "It is as useless to argue with those who have renounced the use of
> > >> reason as to administer medication to the dead." Thomas Jefferson
> > >> "There are some ideas so wrong that only a very intelligent person
> > >> could believe in them." George Orwell
> > >>
> > >
> > >
> > 
> > 
> > 
> > 
> 
> 
> 
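
The first check suggested in the quoted thread (is the newest Snort log still growing, including after the logs turn over), written out as an added example that is not part of any poster's message. The log directory, file-name prefix and sampling interval are assumptions to be replaced with the values from your own Snort output configuration.

```shell
#!/bin/sh
# Added example: is Snort still writing output? This is the first stage to
# rule out before looking at barnyard2, MySQL or BASE.
# Directory, prefix and interval are assumptions supplied by the caller.

# newest_log DIR PREFIX -> path of the most recently modified matching file
newest_log() {
    # ls -t sorts by modification time, newest first
    ls -t "$1"/"$2"* 2>/dev/null | head -n 1
}

# file_size FILE -> size in bytes (wc -c works on GNU and BSD userlands)
file_size() {
    wc -c < "$1" | tr -d ' '
}

# log_state DIR PREFIX INTERVAL -> prints one of:
#   missing  no matching log file exists
#   growing  same newest file, larger after INTERVAL seconds
#   rotated  a newer file appeared during the interval (logs turned over)
#   stalled  same newest file, no growth: Snort is not logging
log_state() {
    dir=$1; prefix=$2; interval=$3
    before_file=$(newest_log "$dir" "$prefix")
    [ -n "$before_file" ] || { echo missing; return 0; }
    before_size=$(file_size "$before_file")
    sleep "$interval"
    after_file=$(newest_log "$dir" "$prefix")
    if [ "$after_file" != "$before_file" ]; then
        echo rotated      # sample again to see whether the new file grows
        return 0
    fi
    after_size=$(file_size "$after_file")
    if [ "$after_size" -gt "$before_size" ]; then
        echo growing
    else
        echo stalled
    fi
}

# Stand-alone use: script.sh LOG_DIR PREFIX [INTERVAL_SECONDS]
if [ "$#" -ge 2 ]; then
    log_state "$1" "$2" "${3:-10}"
fi
```

A `growing` result while BASE stays empty points past Snort to the database writer or the database connection; `stalled` points at Snort itself or at a sensor that is seeing no traffic matching its rules.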




