[Snort-users] Where's Waldo?

AllowOverride allowoverride at ...11827...
Thu Oct 11 15:29:40 EDT 2012


it appears to be logging data again to base, 
so you are saying, wait 24 hours for new data to be present?
ic, your point about 1 hour, as most of the configs state 1 hour, 
however, when i first pinged server and ICMP hits were displayed on
base, it was instantaneous. so you see where i get my idea, that after
clearing a completely blank table, displayed data on base, and by
clearing tables, it won't display data quickly EVEN after i restart
services, or clear snort.logs, alerts, or restart snort/barnyard2
processes. see my point?

i see yours. thanks.

just a test, i will clear tables, and close browser, come back in 1 hour
increments, and see if that is the issue, it takes an hour to input new
data after base clear table buttons have cleared. i assume there is a
switch in the configs to make it quicker. 

any idea of what that line or file name is, in /var/www/base-1.4.5/* ?
what keyword to grep for?

thanks!!



On Wed, 2012-10-10 at 20:56 -0400, waldo kitty wrote:
> On 10/10/2012 17:55, AllowOverride wrote:
> > yes exactly, i believe that also to be a possible issue, as it will only
> > restart to send to mysql after i restart each piece of this pig puzzle.
> > although, sometimes, it will resend if i restart apache2, or snort, or
> > barnyard2 in random order...
> 
> maybe there's an automatic restart for the failing process and your attempts to 
> force the issue and make it restart are confusing things? how long have you left 
> it alone once you clicked on the [clear tables] button? 30 minutes? an hour?
> 
> i ask because one of the systems i work with has a similar feature... in some 
> cases, it can take a day for the database stuffings to catch up and start 
> providing some data...
> 
> REMEMBER: a feature is an undocumented bug. the first fix is generally to 
> document it as a feature ;)
> 




