[Snort-users] Base doesnt show alerts

Y M snort at ...15979...
Fri Jul 26 13:46:26 EDT 2013


Is the acid_event table also populated? BASE view of the the alerts is fetched from the acid_event table.
________________________________
From: soma patel-smith<mailto:dummy.my166 at ...11827...>
Sent: ‎7/‎26/‎2013 8:36 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] Base doesnt show alerts

Couldn't get an answer out of the base users forum, forwarding the question
here :

I have been working on setting up Snort,Barnyard2 and Base.

1.Snort is currently logging in the unified2 format.

2.Barnyard2 is reading the logs and successfully inserting stuff into MySQL.
(I confirmed this using the standard "select count(*) from events;" Please
let me know if my         assumption is wrong)

3.Base can insert into the database (can create a user through the Base
gui), also when I hit the update alert cache button, I see the total events
being updated.

I still do not see any alerts on the main page. TCP,UDP and ICMP traffic
still say 0,0,0 resp.

Can anyone help fixing this please.

Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130726/611ca7ac/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
-------------- next part --------------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


More information about the Snort-users mailing list