I'm working with snort.126.96.36.199, barnyard2, and Base-1.4.2. Snort and Barnyard are working correctly in that events are being logged to the events table in my snort db. I'm not getting any events listed on the BASE UI, and the acid_event table is empty.
I've tried dropping the snort db, and recreating it with both schemas. The sensor is showing up correctly in the db and the UI.
When I check the httpd/error_log I get this message:
PHP Notice: Undefined variable: debug_mode in /var/www/html/base/includes/base_cache.inc.php on line 475, referer: http://188.8.131.52/base/base_db_setup.php
Which is the function:
// Now commit all those SQL commands
for ( $i = 0; $i < $update_cnt; $i++ )
if ($debug_mode > 0)
$mystr = '<BR>' . __FILE__ . ':' . __LINE__ . ": <BR>\n$update_sql[$i] <BR><BR>\n\n";
if ( $db->baseErrorMessage() != "" )
ErrorMessage(_ERRCACHEERROR." ["._SENSOR." #$sid]["._EVENTTYPE." $i]".
With the error on line:
if ($debug_mode > 0)
Any help or direction on this is greatly appreciated.
Many thanks for your precise report. I have fixed this issue in CVS. You now have two options:
1. You change this in includes/base_cache.inc.php and add "GLOBAL $debug_mode;":
202 function CacheSensor($sid, $cid, $db)
204 Caches all alerts for sensor $sid newer than the event $cid
207 GLOBAL $debug_mode;
210 $schema_specific = array(2);
212 $schema_specific = "";
213 $schema_specific = "";
214 $schema_specific = "";
2. Or you download the CVS version of BASE, as described at
BASE will then be found under base-php4.
However, I have some doubts whether this really resolves your actual problem. Usually one can ignore those "Notice" messages in PHP. So I would prefer you give the CVS version of BASE a try, as it contains a tiny modification against BASE-1.4.2 - beyond this debug_mode issue.
I would have thought I had fixed the discrepancy problem between the event table and the acid_event table. At least, clear error messages should show up whenever an entry of the event table does not find its way into the acid_event table.
Are there any hints in the database logs?
Please note: BASE does not move "old" events from the event table into the acid_event table.
Only the new ones.
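A check for the discrepancy discussed in this thread, as an added example that is not part of the thread or of BASE: it lists, per sensor, the events present in the event table but absent from acid_event. As assumptions, the tables are reduced to their sid and cid key columns, SQLite stands in for the real database, and the sample rows are constructed.

```python
import sqlite3

# Anti-join: rows in event that have no (sid, cid) counterpart in acid_event.
UNCACHED_SQL = """
SELECT e.sid,
       COUNT(*)   AS missing,
       MIN(e.cid) AS first_cid,
       MAX(e.cid) AS last_cid
FROM event AS e
LEFT JOIN acid_event AS a ON a.sid = e.sid AND a.cid = e.cid
WHERE a.cid IS NULL
GROUP BY e.sid
ORDER BY e.sid
"""


def build_sample_db():
    """Constructed stand-in for the snort db, reduced to the key columns."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE event      (sid INTEGER, cid INTEGER, PRIMARY KEY (sid, cid));
        CREATE TABLE acid_event (sid INTEGER, cid INTEGER, PRIMARY KEY (sid, cid));
    """)
    # Sensor 1: five events logged, none cached (the situation in the question).
    # Sensor 2: three events logged, all of them cached.
    conn.executemany(
        "INSERT INTO event VALUES (?, ?)",
        [(1, c) for c in range(1, 6)] + [(2, c) for c in range(1, 4)],
    )
    conn.executemany(
        "INSERT INTO acid_event VALUES (?, ?)",
        [(2, c) for c in range(1, 4)],
    )
    return conn


def uncached_by_sensor(conn):
    """Return [(sid, missing_count, first_cid, last_cid)] for sensors with gaps."""
    return conn.execute(UNCACHED_SQL).fetchall()


if __name__ == "__main__":
    for sid, missing, first, last in uncached_by_sensor(build_sample_db()):
        print(f"sensor {sid}: {missing} events not in acid_event (cid {first}..{last})")
```

The query is plain SQL, so its text can also be run from the snort database's own client.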