base loading pages not compl with archive db

BASE-user
sgruttmann
2008-04-04
2013-06-03
  • sgruttmann

    sgruttmann - 2008-04-04

    Hi,

    after I enabled snort_archive db in base config file base isn't loading its pages completely anymore.

    After refreshing the site several times I get the complete content.
    Sometimes the message "page can not be displayed" appears or the page is blank. Same problem with the archive function (move/copy): sometimes it's working and sometimes I have to refresh the site before.

    When I disable archive db in base config base is working fine.

    Any Idea?

    thanks Susanne

     
    • Juergen Leising

      Juergen Leising - 2008-04-05

      Hello Susanne,

      there were indeed some issues with base-1.3.9.

      Could you please try and download the cvs version of base?

      The following should be one single line:

      cvs -z9 -d:pserver:anonymous@secureideas.cvs.sourceforge.net:/cvsroot/secureideas checkout -P base-php4

      The cvs version of base can then be found under base-php4. If you haven't installed cvs, yet, then installing the cvs client package is sufficient. Server is not necessary.

      If you want a more verbose checkout command, then add -t.

      Bye, bye

      Juergen

       
    • sgruttmann

      sgruttmann - 2008-04-07

      Hi Juergen,

      thanks for your answer. I can't get access to cvs. The following error message appears:

      cvs [checkout aborted]: connect to secureideas.cvs.sourceforge.net(66.35.250.88):2401 failed: Connection refused

      kind regards
      Susanne

       
      • Juergen Leising

        Juergen Leising - 2008-04-07

        oh, so it seems a login is necessary, contrary to what I would have thought.

        The following is one single line:

        cvs -d:pserver:anonymous@secureideas.cvs.sourceforge.net:/cvsroot/secureideas login

        Bye, bye

        Juergen

         
    • sgruttmann

      sgruttmann - 2008-04-08

      Hi Juergen,

      I've downloaded the CVS version of base (base-php4), but I have the same problem, and after refreshing the main page I get a lot of error messages.

      /srv/www/htdocs/base-php4/includes/base_db.inc.php:522: ERROR: $this->row is not an object.

      Not sure if this will work because I'm running php5 on my server.

      I've tested base vs 1.3.8 also but I have the same problem as with 1.3.9

      cheers
      Susanne

       
      • Kevin Johnson

        Kevin Johnson - 2008-04-08

        Can you verify that you have the latest version of ADODB and that PHP is able to load it?

        Thanks
        Kevin

         
    • sgruttmann

      sgruttmann - 2008-04-08

      Hi Kevin,

      I'm using adodb502a. How can I test it with php? In php.info I can't find it.
      Sorry, but I'm short on experience in php :-(

      I assume it's working because base function is fine when archive is disabled?

      regards
      Susanne

       
    • Juergen Leising

      Juergen Leising - 2008-04-08

      Hi Susanne,

      the amount of error messages in this particular case is my fault. They should have been subject to debug mode. I have just changed this.

      Now, the question remains, whether archiving works for you.

      Could you, please, upgrade your directory "base-php4" to the current cvs version of BASE?

      This requires the cvs "login" command and then an "upgrade" command instead of the "checkout" command.

      If a simple (and short) "upgrade" did not work for you as an anonymous user, you would have to perform a full checkout.

      Bye, bye

      Juergen

       
      • sgruttmann

        sgruttmann - 2008-04-09

        Hi Juergen,

        I made an update for base-php4 but without success. I need to refresh pages several times before the complete content has been loaded. Further (same with vs1.3.9) I have to use different database accounts. Otherwise I don't get access to one of the db's.

        regards
        Susanne

         
        • Juergen Leising

          Juergen Leising - 2008-04-09

          Hello Susanne,

          archiving takes an incredibly long time. If you want to archive hundreds or thousands of alerts, this could easily take up to several minutes, if not one or two hours. So split the alerts up, and change in your base_conf.php the line from

          $max_script_runtime = 180;

          to

          $max_script_runtime = 3600;

          After doing this there should be no need to manually press the refresh button.  But you do need to wait for quite some time.

          And as far as the different accounts are concerned:  This is strange and certainly a mistake in  your setup.

          The first thing that comes into my mind are missing permissions.  Basically you need to provide BASE with the following permissions (assuming the login name to the database is "base" and the database can be accessed on localhost, and the databases are called "snort" and "snort_archive"):

          mysql> grant INSERT, SELECT, DELETE, UPDATE on snort.* to "base"@"localhost";

          mysql> grant INSERT, SELECT, DELETE, UPDATE on snort_archive.* to "base"@"localhost";

          For a more fine-grain setup:

          Cf. base-1.3.9/docs/README:
          III. Installation and
          V. Security

          And you can check which permissions are currently set by:

          mysql> use snort;
          mysql> show grants for base@localhost;

          mysql> use snort_archive;
          mysql> show grants for base@localhost;

          Bye, bye

          Juergen
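
The permission check from this post as an added example, not part of the original thread or BASE's own code: it parses text pasted from `show grants for base@localhost;` and reports, per database, which of the four privileges named above are missing and which extra ones are granted. The sample output and the function names are constructed for illustration.

```python
import re

REQUIRED = {"INSERT", "SELECT", "DELETE", "UPDATE"}   # privileges named in the post
DATABASES = ("snort", "snort_archive")                # database names assumed in the post

# Constructed sample of `show grants for base@localhost;` output (not from the thread).
SAMPLE_GRANTS = """\
GRANT USAGE ON *.* TO 'base'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE ON `snort`.* TO 'base'@'localhost'
GRANT SELECT ON `snort_archive`.* TO 'base'@'localhost'
"""

GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s", re.I)


def parse_grants(text):
    """Map each database ('*' for global) to the privileges granted on db.*."""
    grants = {}
    for line in text.splitlines():
        m = GRANT_RE.match(line.strip(" |\t"))   # tolerate mysql table borders
        if not m:
            continue
        scope = m.group("scope").replace("`", "").replace("\\", "")
        db, _, obj = scope.partition(".")
        if obj != "*":
            continue                              # table-level grants are ignored here
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        grants.setdefault(db, set()).update(privs)
    return grants


def audit_grants(text):
    """Per database: required privileges that are missing, and extras granted."""
    grants = parse_grants(text)
    global_privs = grants.get("*", set())
    report = {}
    for db in DATABASES:
        have = (grants.get(db, set()) | global_privs) - {"USAGE"}
        has_all = bool(have & {"ALL", "ALL PRIVILEGES"})
        missing = set() if has_all else REQUIRED - have
        report[db] = {"missing": sorted(missing), "excess": sorted(have - REQUIRED)}
    return report


if __name__ == "__main__":
    for db, result in audit_grants(SAMPLE_GRANTS).items():
        print(db, result)
```

A non-empty "missing" list for snort_archive matches the symptom of one database being inaccessible with a shared account; a non-empty "excess" list marks grants broader than the four BASE needs.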

           
          • sgruttmann

            sgruttmann - 2008-04-10

            Hi Juergen,

            the problem doesn't appear when I'm archiving alarms but when I'm loading base_main.php.

            Only the headline and the first box are coming up, nothing else. After refreshing several times the complete content has been loaded. The same happens with other pages.

            See example below:

            Basic Analysis and Security Engine (BASE)

            Today's alerts:  unique listing Source IP Destination IP
            - Last 24 Hours alerts:  unique listing Source IP Destination IP
            - Last 72 Hours alerts:  unique listing Source IP Destination IP
            - Most recent 15 Alerts: any protocol TCP UDP ICMP
            - Last Source Ports:  any protocol TCP UDP
            - Last Destination Ports:  any protocol TCP UDP
            - Most Frequent Source Ports:  any protocol TCP UDP
            - Most Frequent Destination Ports:  any protocol TCP UDP
            - Most frequent 15 Addresses: Source Destination
            - Most recent 15 Unique Alerts
            - Most frequent 5 Unique Alerts

            I set the "max_script_runtime" to 3600;

            I will check database permissions.

            thanks and regards
            Susanne

             

             
            • Juergen Leising

              Juergen Leising - 2008-04-10

              Hello Susanne,

              well, if you have several thousands or millions of alerts, the initial database lookup also takes an unexpectedly long time. So you are advised to archive as much as possible - which you are actually doing...

              So again: refreshing should not be necessary.  The other part of the start screen will certainly show up eventually.

              Bye, bye

              Juergen

               
