Database problem with 1.3.9

BASE-user
dkim777
2008-01-03
2013-06-03
  • dkim777
    dkim777
    2008-01-03

    I'm creating fresh new database for alert and archive snort databse for base 1.39
    I've created table with  create_base_tbls_mysql.sql  for both alert and archive databases.

    upon first start of BASE got following error message.
    -----------------------------------------------------------------------------------------------
    The underlying database base139@localhost appears to be incomplete/invalid
    Database ERROR:Table 'base139.iphdr' doesn't exist

    It might be an older version. Only alert databases created by Snort 1.7-beta0 or later are supported
    ---------------------------------------------------------------------------------------------------------
    any ideas?
    it doesn't looks like permission problem.

    when I do show tables on alert/archive database I get following, no iphdr table.
    mysql> show tables;
    +-------------------+
    | Tables_in_alert   |
    +-------------------+
    | acid_ag           |
    | acid_ag_alert     |
    | acid_event        |
    | acid_ip_cache     |
    | base_roles        |
    | base_users        |
    +-------------------+
    6 rows in set (0.00 sec)

     
    • dkim777
      dkim777
      2008-01-03

      nevermind I've forgot to add snort schema.

      but I still have problem with accessing database,

      if I use "snort" account I see no alerts.
      but if I use "root" account I see all the alerts.

      Here is access table for alert database from phpadmin

      User      Host      Type      Privileges      Grant      Action
      root     localhost     global     ALL PRIVILEGES     Yes     Edit Privileges
      root     oig-was-snl.oig.hhs.gov     global     ALL PRIVILEGES     Yes     Edit Privileges
      snort     %     database-specific     SELECT, INSERT, UPDATE, DELETE, CREATE     No     Edit Privileges
      snort     localhost     database-specific     SELECT, INSERT, UPDATE, DELETE, CREATE     No     Edit Privileges

      looks like it(snort account) has all the rights it needed right?

       
      • Hello,

        can you log in to the database via
        command line as user "snort"?

        mysql -u snort -pXXXXXXX

        (use real password rather than XXXXXXX)

        mysql> show grants;
        mysql> use snort;
        mysql> show tables;

        6 tables, btw, is not enough. The base tables are additional tables to those
        ones established during installation
        of snort.

        And is BASE is really using the snort
        account rather than something like
        base or base_user?

        bye, bye,

        Juergen