Yes, I'm trying to query for new events.
I think I understand now. Thanks for your help. I'm going to create a cron job that continually refreshes the alert cache so when my scripts run, they are querying all the events. I guess I'll try to use the base_maintenance.pl script that you are referring to.
On Apr 17, 2006, at 12:39 PM, Richard Compton wrote:
> I have scripts that are querying the acid_event table in my Snort
> database and sometimes they work (when I'm in the office and using
> BASE) and sometimes they don't work (like on the weekends). Any
> idea why this would be and what I can do to make these queries work
> every time? I think that the acid_event database is some sort of
> cache database but I'm not sure.
What exactly do you mean they fail on the weekends? The only thing
that I can think of is that you are only looking for new items. This
table is a cache of events that BASE has worked with. If you are not
using the base_maintenance.pl to cache these events and no one is
actively using the BASE web interface, no new events will get cached.
BASE Project Lead
The next step in IDS analysis!