I am running snort/barnyard/mysql. I can see my alerts going up when i query for select count(*) from event; but nothing showing on BASE after I clear the cache??
If I reboot the machine, everything works until I clear the cache again. Then everything keeps working (snort,barnyard), but no alerts show on BASE.
I figured out. When you "Clear Data Tables", you also clear all data from the sensor table. BASE will not show you data because of this.
I commented line 670 from includes/base_db.inc.php to look like this:
# $db->baseExecute("DELETE FROM sensor");
YMMV. I only have one sensor. I have not tried this with multiple sensors reporting to one database.
I guess that reading works wonders. I found a patch for barnyard inside the BASE contrib directory. After a simple recompile of barnyard, I can uncomment the "DELETE FROM sensor" query and everything works fine now.
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.