[Snort-users] Question About Snort - BASE Interface

Jim Campbell jim at w4bqp.net
Wed Jun 21 13:59:04 EDT 2017


I have a Snort 2.9.9.0 and BASE 1.4.5 system running in IPS mode. The 
Snort part of the system is working great. My problem is with the BASE 
part of the system.

Yesterday BASE had over 8,000 alerts in its cache. I was concerned about 
the size of the cache so I cleared it. Since then I have been unable to 
get BASE to display alerts.

My current snort.u2.* file has 47787 bytes of data. BASE reports that it 
has 948 Total Events and 2 Cached events. If I ask BASE to display 
alerts it says that "No Alerts were found."

I've had a similar problem in the past but usually sometime later BASE 
begins displaying alerts without my intervention.

I have restarted Snort, Barnyard2, Apache2 and BASE individually and 
that doesn't help. I've rebooted the system and it doesn't help. 
Programs are supposed to function in a predictable manner but BASE doesn't.

Just now, while I was composing this message, BASE began reporting 
alerts beginning with the time stamp of the snort.u2.* file.

Any suggestions would be much appreciated.

Jim

-- 
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin




More information about the Snort-users mailing list