I'm using snort 2.8.5 with BASE 1.4.5
when I click on individual alert I get following errors in RED.
/srv/www/htdocs/base145/base_qry_alert.php:535: db->DB->MetaColumnNames('data') is NOT an array. Ignoring.
I'm having the same issue. BASE 1.4.5, snort 2.8.6
I moved a copy of BASE and my snort database to a different server running PHP 5.2.5 and mysql 5.0.26, which had the same problem as my original server I was running them on with php 5.3.2 and mysql 5.1.36. I feel confident saying that php and mysql are not part of the problem. I saw some other posts about issues with BASE when a new version of snort is used, maybe there is an issue like that which has not been fixed yet.
Hello. Can you tell me a little bit more about your snort installation. Are you using the Fast Logging Project for Snort (FLoP : http://freshmeat.net/projects/flop) ? Also please confirm you have a 'data' table in your Snort DB server, and confirm that the table has some rows in it.
Snort is logging directly to syslog and mysql. There is data in every table and it does get updated when an alert is triggered.
The data table does have the payloads.
So you are getting "Alert Deleted" when you click on the alert, not delete an alert, correct? And this is occurring for ALL packets you try to view in BASE, not just a specific packet?
The error is occurring in the portion of the code that prints the packet data to the screen. It seems that for some reason the 'data_header' field cannot be found in the `data` table. What columns are in your `data` table? A standard BASE install should read sid,cid,data_payload.
It happens when I try to view any packet and I haven't deleted any. My data table has sid, cid, and data_payload, all with appropriate entries. There is no data_header column. I added the plain text of the page below.
Basic Analysis and Security Engine (BASE)
Home | Search
[ Back ]
Queried on : Thu July 15, 2010 08:21:22
Meta Criteria time >= [ 07 / 15 / 2010 ] [ any time]
IP Criteria any
Layer 4 Criteria none
Payload Criteria any
[ First ]
ID # Time Triggered Signature
2 - 152
Sensor Sensor Address Interface Filter
Alert Group none
/srv/www/htdocs/base_qry_alert.php:535: db->DB->MetaColumnNames('data') is NOT an array. Ignoring.
Download of Payload
/srv/www/htdocs/base_qry_alert.php:108: db->DB->MetaColumnNames('data') is NOT an array. Ignoring.
#0 PrintPcapDownload(baseCon Object ([DB] => ADODB_mysql Object ([databaseType] => mysql,[dataProvider] => mysql,[hasInsertID] => 1,[hasAffectedRows] => 1,[metaTablesSQL] => SHOW TABLES,[metaColumnsSQL] => SHOW COLUMNS FROM `%s`,[fmtTimeStamp] => 'Y-m-d H:i:s',[hasLimit] => 1,[hasMoveFirst] => 1,[hasGenID] => 1,[isoDates] => 1,[sysDate] => CURDATE(),[sysTimeStamp] => NOW(),[hasTransactions] => ,[forceNewConnect] => ,[poorAffectedRows] => 1,[clientFlags] => 0,[substr] => substring,[nameQuote] => `,[compat323] => ,[_genIDSQL] => update %s set id=LAST_INSERT_ID(id+1);,[_genSeqSQL] => create table %s (id int not null),[_genSeqCountSQL] => select count(*) from %s,[_genSeq2SQL] => insert into %s values (%s),[_dropSeqSQL] => drop table %s,[database] => snort,[host] => 127.0.0.1,[user] => snort,[password] => not stored,[debug] => ,[maxblobsize] => 262144,[concat_operator] => +,[length] => length,[random] => rand(),[upperCase] => upper,[fmtDate] => 'Y-m-d',[true] => 1,[false] => 0,[replaceQuote] => \',[charSet] => ,[metaDatabasesSQL] => ,[uniqueOrderBy] => ,[emptyDate] => ,[emptyTimeStamp] => ,[lastInsID] => ,[hasTop] => ,[readOnly] => ,[genID] => 0,[raiseErrorFn] => ,[cacheSecs] => 3600,[memCache] => ,[memCacheHost] => ,[memCachePort] => 11211,[memCacheCompress] => ,[sysUTimeStamp] => ,[arrayClass] => ADORecordSet_array,[noNullStrings] => ,[numCacheHits] => 0,[numCacheMisses] => 0,[pageExecuteCountRows] => 1,[uniqueSort] => ,[leftOuter] => ,[rightOuter] => ,[ansiOuter] => ,[autoRollback] => ,[fnExecute] => ,[fnCacheExecute] => ,[blobEncodeType] => ,[rsPrefix] => ADORecordSet_,[autoCommit] => 1,[transOff] => 0,[transCnt] => 0,[fetchMode] => ,[null2null] => null,[bulkBind] => ,[_oldRaiseFn] => ,[_transOK] => ,[_connectionID] => Resource id #40,[_errorMsg] => ,[_errorCode] => ,[_queryID] => ,[_isPersistentConnection] => 1,[_bindInputArray] => ,[_evalAll] => ,[_affected] => ,[_logsql] => ,[_transmode] => ,[databaseName] => snort),[DB_type] => mysql,[DB_name] => snort,[DB_host] => 127.0.0.1,[DB_port] => ,[DB_username] => snort,[lastSQL] => SELECT data_payload FROM data WHERE sid='2' AND cid='152',[version] => 107,[sql_trace] => ), 152, 2) called at [/srv/www/htdocs/base_qry_alert.php:905]
Download in pcap format
[ First ]
Alert Group Maintenance | Cache & Status | Administration
BASE 1.4.5 (lilias) (by Kevin Johnson and the BASE Project Team
Built on ACID by Roman Danyliw )
[Loaded in 0 seconds]
The page with all of the parts is visible here: http://beta.gurnee.il.us/base_qry_alert.php.htm
Thanks for providing that information, that is very helpful. Please try running the following SQL command and let me know what you get: SHOW COLUMNS FROM `data`
Output from phpMyAdmin:
Field Type Null Key Default Extra
sid int(10) unsigned NO PRI NULL
cid int(10) unsigned NO PRI NULL
data_payload text YES NULL
What does this SQL command return if you run it from phpMyAdmin:
SELECT data_payload FROM data WHERE sid='2' AND cid='152'
I only have a few days left at work this summer; does anyone have any other ideas?
I had the same problem with snort 22.214.171.124 / BASE 1.4.5 on SUSE 11.3.
The solution was: Either change php.ini as follows
mysql.allow_persistent = On
or, change base_conf.php as follows.
$db_connect_method = 2;
Hope this will help.