Re: Base doesnt show alerts

[soma patel-smith <dummy.my166 () gmail com>]

I though I must have messed something up, but what I did now is :
1.dropped snort database,
2.sourced the barnyard2 create_mysql.sql file, which created these tables :
 data
 detail
 encoding
 event
 icmphdr
 iphdr
 opt
 reference
 reference_system
 schema
 sensor
 sig_class
 sig_reference
 signature
 tcphdr
 udphdr

Then, I extracted base in the www directory and proceeded as usual.
Base now created these tables :
acid_ag
acid_ag_alert
acid_event
acid_ip_cache
base_roles
base_users


Still, after barnyard is started, it puts stuff in mysql snort.event and
nothing gets into acid_event


On Fri, Jul 26, 2013 at 11:00 AM, Y M <snort () outlook com> wrote:

>  Yes it is supposed to be automatic. Does the user that inserts into the
> database has the proper permissions to write to these tables? The
> acid_event table is usually created after creating the actual db schema at
> first launch of BASE.
>  ------------------------------
> From: soma patel-smith <dummy.my166 () gmail com>
> Sent: 7/26/2013 8:54 PM
> To: Y M <snort () outlook com>
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Base doesnt show alerts
>
>   No it is not, will I have to write MySQL triggers, isnt this supposed
> to be automatic?
>  I might have messed up the table creation process, How do I handle this
> now?
>
>
> On Fri, Jul 26, 2013 at 10:46 AM, Y M <snort () outlook com> wrote:
>
>  Is the acid_event table also populated? BASE view of the the alerts is
> fetched from the acid_event table.
>  ------------------------------
> From: soma patel-smith <dummy.my166 () gmail com>
> Sent: 7/26/2013 8:36 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Base doesnt show alerts
>
>   Couldn't get an answer out of the base users forum, forwarding the
> question here :
>
>    I have been working on setting up Snort,Barnyard2 and Base.
>
>  1.Snort is currently logging in the unified2 format.
>
> 2.Barnyard2 is reading the logs and successfully inserting stuff into
> MySQL.
>  (I confirmed this using the standard "select count(*) from events;"
> Please let me know if my         assumption is wrong)
>
>  3.Base can insert into the database (can create a user through the Base
> gui), also when I hit the update alert cache button, I see the total events
> being updated.
>
>  I still do not see any alerts on the main page. TCP,UDP and ICMP traffic
> still say 0,0,0 resp.
>
>  Can anyone help fixing this please.
>
>  Thanks,
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!