[Snort-users] Base doesnt show alerts

Y M snort at ...15979...
Fri Jul 26 14:00:17 EDT 2013


Yes it is supposed to be automatic. Does the user that inserts into the database has the proper permissions to write to these tables? The acid_event table is usually created after creating the actual db schema at first launch of BASE.
________________________________
From: soma patel-smith<mailto:dummy.my166 at ...11827...>
Sent: ‎7/‎26/‎2013 8:54 PM
To: Y M<mailto:snort at ...15979...>
Cc: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: Re: [Snort-users] Base doesnt show alerts

No it is not, will I have to write MySQL triggers, isnt this supposed to be
automatic?
I might have messed up the table creation process, How do I handle this now?


On Fri, Jul 26, 2013 at 10:46 AM, Y M <snort at ...15979...> wrote:

>  Is the acid_event table also populated? BASE view of the the alerts is
> fetched from the acid_event table.
>  ------------------------------
> From: soma patel-smith <dummy.my166 at ...11827...>
> Sent: 7/26/2013 8:36 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Base doesnt show alerts
>
>  Couldn't get an answer out of the base users forum, forwarding the
> question here :
>
>    I have been working on setting up Snort,Barnyard2 and Base.
>
>  1.Snort is currently logging in the unified2 format.
>
> 2.Barnyard2 is reading the logs and successfully inserting stuff into
> MySQL.
>  (I confirmed this using the standard "select count(*) from events;"
> Please let me know if my         assumption is wrong)
>
>  3.Base can insert into the database (can create a user through the Base
> gui), also when I hit the update alert cache button, I see the total events
> being updated.
>
>  I still do not see any alerts on the main page. TCP,UDP and ICMP traffic
> still say 0,0,0 resp.
>
>  Can anyone help fixing this please.
>
>  Thanks,
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130726/ffc021fa/attachment.html>


More information about the Snort-users mailing list