[Snort-users] Question About Snort - BASE Interface
jim at w4bqp.net
Wed Jun 21 13:59:04 EDT 2017
I have a Snort 184.108.40.206 and BASE 1.4.5 system running in IPS mode. The
Snort part of the system is working great. My problem is with the BASE
part of the system.
Yesterday BASE had over 8,000 alerts in its cache. I was concerned about
the size of the cache so I cleared it. Since then I have been unable to
get BASE to display alerts.
My current snort.u2.* file has 47787 bytes of data. BASE reports that it
has 948 Total Events and 2 Cached events. If I ask BASE to display
alerts it says that "No Alerts were found."
I've had a similar problem in the past but usually sometime later BASE
begins displaying alerts without my intervention.
I have restarted Snort, Barnyard2, Apache2 and BASE individually and
that doesn't help. I've rebooted the system and it doesn't help.
Programs are supposed to function in a predictable manner but BASE doesn't.
Just now, while I was composing this message, BASE began reporting
alerts beginning with the time stamp of the snort.u2.* file.
Any suggestions would be much appreciated.
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin
More information about the Snort-users