pepe le moko
I'm trying to set up snort with BASE. It looks like everything is installed right, but I don't see any user manual or FAQ on how to use this thing. Since I seem to be the only person who asks these questions, let's call it a SAQ (seldom asked questions).
1) How do I configure alerting? Clicking on the "Alert Group Maintenance" lets me create a new Alert Group. I am then presented with a box allowing me to choose an action (I assume that is something that will happen when I get a packet that matches a snort signature?). I want to get an email when I see an SQL exploit, so I choose email alert (full) and put my email address in the box. I click entire query and get this:
/var/www/html/base-18.104.22.168/includes/base_state_criteria.inc.php:155: WARNING: The following query key has not been implemented, yet: "7".
Report it to the BASE developers, please.
Is this a setup issue, or a problem with... what (BASE, MySQL, PHP, what?)
2) Is there a help screen somewhere? I'm not seeing a link anywhere.
3) How do I delete an alert group? The delete button does this:
4) The FAQ said that it is possible to have different levels of alerting with some database magic. What do I do to get this to go?
Pepe Le Moko