Hi guys,
Yes, I'm trying to querry for new events. 
I think I understand now.  Thanks for your help.  I'm going to create a cron job that continually refreshes the alert cache so when my scripts run, they are querring all the events.  I guess I'll try to use the base_maintenance.pl script that you are referring to.


On 4/17/06, Kevin Johnson <kjohnson@secureideas.net> wrote:
On Apr 17, 2006, at 12:39 PM, Richard Compton wrote:
> I have scripts that are querying the acid_event table in my Snort
> database and sometime they work (when I'm in the office and using
> BASE) and sometimes they don't work (like on the weekends). Any
> idea why this would be and what I can do to make these queries work
> every time? I think that the acid_event database is some sort of
> cache database but I'm not sure.
> Thanks,
> Rich


What exactly do you mean they fail on the weekends?  The only thing
that I can thin is that you are only looking for new item.  This
table is a cache of events that BASE has worked with.  If you are not
using the base_maintenance.pl to cache these events and no one is
actively using the BASE web interface, no new events will get cache.

BASE Project Lead
The next step in IDS analysis!

Rich Compton