The acid_event table and Base UI are empty.

  • John Hoyt

    John Hoyt - 2009-05-20

    Hello all,

    I'm working with snort, barnyard2, and Base-1.4.2.  Snort and Barnyard are working correctly in that events are being logged to the events table in my snort db.  I'm not getting any events listed on the BASE UI, and the acid_event table is empty.

    I've tried dropping the snort db, and recreating it with both schemas.  The sensor is showing up correctly in the db and the UI. 

    When I check the httpd/error_log I get this message:
    PHP Notice:  Undefined variable: debug_mode in /var/www/html/base/includes/ on line 475, referer:

    Which is the function:
    // Now commit all those SQL commands
      for ( $i = 0; $i < $update_cnt; $i++ )
      {
        // $debug_mode is undefined here unless the enclosing function declares it GLOBAL
        if ($debug_mode > 0)
        {
          $mystr = '<BR>' . __FILE__ . ':' . __LINE__ . ": <BR>\n$update_sql[$i] <BR><BR>\n\n";
          echo $mystr;
        }

        if ( $db->baseErrorMessage() != "" )
           ErrorMessage(_ERRCACHEERROR." ["._SENSOR." #$sid]["._EVENTTYPE." $i]".
                          " "._ERRCACHEUPDATE);
      }


    With the error on line:

    if ($debug_mode > 0)

    Any help or direction on this is greatly appreciated.


    • Juergen Leising

      Juergen Leising - 2009-05-20

      Hello John,

      many thanks for your precise report.  I have fixed this issue in CVS.  You now have two options:

      1. You change this in includes/ and add "GLOBAL $debug_mode;":

      function CacheSensor($sid, $cid, $db)
      /*
        Caches all alerts for sensor $sid newer than the event $cid
       */
      {
        GLOBAL $debug_mode;
        $schema_specific = array(2);
        $schema_specific[0] = "";
        $schema_specific[1] = "";
        $schema_specific[2] = "";

      2. Or you download the CVS version of BASE, as described at

      BASE will then be found under base-php4.

      However, I have some doubts whether this really resolves your actual problem.  Usually one can ignore those "Notice" messages in PHP.  So I would prefer that you give the CVS version of BASE a try, as it contains a tiny modification against BASE-1.4.2, beyond this debug_mode issue.

      I would have thought I had fixed the discrepancy problem between the event table and the acid_event table. At least, clear error messages should show up whenever an entry of the event table does not find its way into the acid_event table.

      Are there any hints in the database logs?

      Please note: BASE does not move "old" events from the event table into the acid_event table.
      Only the new ones.

      Bye, bye
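An added example, not part of the thread or of BASE's code: one way to measure the discrepancy discussed above is an anti-join that lists, per sensor, the rows of event with no matching (sid, cid) row in acid_event. It assumes an in-memory SQLite database as a stand-in for the real snort db, tables reduced to a few columns, and constructed sample rows; the helper names are hypothetical.

```python
import sqlite3

# Anti-join: events whose (sid, cid) key has no row in acid_event.
# The query uses only standard SQL, so it can be run against the snort db as well.
UNCACHED_SQL = """
SELECT e.sid, COUNT(*) AS uncached, MIN(e.cid) AS first_cid, MAX(e.cid) AS last_cid
FROM event e
LEFT JOIN acid_event a ON a.sid = e.sid AND a.cid = e.cid
WHERE a.cid IS NULL
GROUP BY e.sid
ORDER BY e.sid
"""

def build_sample_db():
    """Constructed stand-in database (assumption: reduced column set)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                            timestamp TEXT, PRIMARY KEY (sid, cid));
        CREATE TABLE acid_event (sid INTEGER, cid INTEGER, signature INTEGER,
                                 timestamp TEXT, PRIMARY KEY (sid, cid));
    """)
    # Constructed rows: sensor 1 logged cid 1..5, sensor 2 logged cid 1..3.
    events = [(1, c, 100, "2009-05-20 10:00:0%d" % c) for c in range(1, 6)]
    events += [(2, c, 200, "2009-05-20 11:00:0%d" % c) for c in range(1, 4)]
    db.executemany("INSERT INTO event VALUES (?,?,?,?)", events)
    # Sensor 1's cache stops after cid 2; sensor 2 is fully cached.
    cached = events[:2] + events[5:]
    db.executemany("INSERT INTO acid_event VALUES (?,?,?,?)", cached)
    return db

def uncached_by_sensor(db):
    """Return (sid, uncached_count, first_cid, last_cid) per affected sensor."""
    return db.execute(UNCACHED_SQL).fetchall()

if __name__ == "__main__":
    for sid, n, lo, hi in uncached_by_sensor(build_sample_db()):
        print("sensor %d: %d events not in acid_event (cid %d..%d)" % (sid, n, lo, hi))
```

An empty result means every logged event has been cached; a result covering every sensor from its first cid onward matches the symptom in the original post.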


