Re: Where's Waldo?

[AllowOverride <allowoverride () gmail com>]

it appears to be logging data again to base, 
so you are saying, wait 24 hours for new data to be present?
ic, your point about 1 hour, as most of the configs state 1 hour, 
however, when i first pinged server and ICMP hits were displayed on
base, it was instantaneous. so you see where i get my idea, that after
clearing a completely blank table, displayed data on base, and by
clearing tables, it wont display data quickly EVEN after i restart
services, or clear or snort.logs,alerts, or restart snort/barnyard2
processes. see my point?

i see yours. thanks.

just a test, i will clear tables, and close browser, come back in 1 hour
increments, and see if that is the issue, it takes an hour to input new
data after base clear table buttons have cleared. im assume there is a
switch in the configs to make it quicker. 

any idea of what that line or file name is, in /var/www/base-1.4.5/* ?
what keyword to grep for?

thanks!!



On Wed, 2012-10-10 at 20:56 -0400, waldo kitty wrote:
> On 10/10/2012 17:55, AllowOverride wrote:
> > yes exactly, i believe that also to be a possible issue, as it will only
> > restart to send to mysql after in restart each piece of this pig puzzle.
> > although, sometimes, it will resend if i restart apache2, or snort, or
> > barnyard2 in random order...
>
> maybe there's an automatic restart for the failing process and your attempts to 
> force the issue and make it restart are confusing things? how long have you left 
> it alone once you clicked on the [clear tables] button? 30 minutes? an hour?
>
> i ask because one of the systems i work with has a similar feature... in some 
> cases, it can take a day for the database stuffings to catch up and start 
> providing some data...
>
> REMEMBER: a feature is an undocumented bug. the first fix is generally to 
> document it as a feature ;)
>
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!