[Snort-users] Where's Waldo?

AllowOverride allowoverride at ...11827...
Thu Oct 11 20:08:19 EDT 2012


BASE is working, just not refreshing new data after clearing tables with
the radio button on the BASE GUI.

Not a biggie, it still logs after a short while. I haven't found exact times
though, but I would say in less than 24 hours it will populate the BASE GUI
again. Just odd...

On Thu, 2012-10-11 at 18:05 -0400, Michael Steele wrote:
> BASE is a great place to start out. Maybe when you get everything working
> properly then make the switch.
> 
> BASE is a viable option, it may not have a developer behind it right now,
> but it's viable as a snort console.
> 
> Michael...
> 
> -----Original Message-----
> From: AllowOverride [mailto:allowoverride at ...11827...] 
> Sent: Thursday, October 11, 2012 5:38 PM
> To: Peter Bates
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Where's Waldo?
> 
> I'm looking into Snorby, since BASE is dead... thanks
> 
> On Thu, 2012-10-11 at 20:58 +0100, Peter Bates wrote:
> > 
> > Hello all
> > 
> > On 11/10/2012 20:29, AllowOverride wrote:
> > > Just a test: I will clear tables and close the browser, come back in 1
> > > hour increments, and see if that is the issue, it takes an hour to
> > > input new data after the BASE clear table buttons have cleared. I
> > > assume there is a switch in the configs to make it quicker.
> > 
> > I've never personally looked for the option to clear tables in BASE 
> > but I can say I use a script called archivesnort.pl which moves alerts 
> > after 7 days to the archive DB and deletes them after 30.
> > 
> > If that is available with BASE I'd suggest you try that - i.e. 
> > modifying the database outside of the web interface - if you can't 
> > find it I can post it to the ML.
> > 
> > That's what we do and I've never seen the problem you're describing.
> > 
> > Alternatively, why not look at Snorby as a WUI - that has an inbuilt 
> > option to trim(*) the database after a fixed number of events.
> > 
> > * - by trim I mean 'delete oldest events but not the entire contents 
> > of the table' - I can't think of a better word.
> > 
> > - --
> > Peter Bates
> > Senior Computer Security Officer    Phone: +44(0)2076792049
> > Information Services Division	    Internal Ext: 32049
> > University College London
> > London WC1E 6BT




