MasterSleepy
I installed your contribs and seem to have everything working.
I set up oinkmaster to grab the rules, it did . . .
it restarted and it is logging to the alerts file and the MYSQL DB
Only problem is when I go to my server via https to the /base directory I don't see any alerts listed. If I enter into the admin within /base and go into the "Cache and Status" section (which I can do just fine) I see there is a listing of "Total Events: 1636"
yet nothing shows in the web interface of /base
I have verified that the /var/log/snort/alerts file IS indeed working.
It is, and Guardian is doing a good job of blocking people (I even accidentally blocked myself once)
So, I assume (and now I see) that /base uses the sql file only.
So I assumed I had SQL errors so I looked at /var/log/snortd/current and see the following errors:
@4000000044d0ab780b766514 database: mysql_error: Unknown column 'sig_gid' in 'where clause'
@4000000044d0ab780b76789c database: Problem inserting a new signature 'BAD-TRAFFIC udp port 0 traffic': INSERT INTO signature (sig_name,sig_class_id,sig_priority,sig_rev,sig_sid,sig_gid) VALUES ('BAD-TRAFFIC udp port 0 traffic',1,3,9,525,1)
@4000000044d0ab780b85eda4 database: mysql_error: Duplicate entry '0-1' for key 1
@4000000044d0ab780b8608fc SQL=INSERT INTO sig_reference (sig_id, ref_seq, ref_id) VALUES (0, 1, 2)
@4000000044d0ab780b9589bc database: mysql_error: Duplicate entry '0-2' for key 1
@4000000044d0ab780b95a12c SQL=INSERT INTO sig_reference (sig_id, ref_seq, ref_id) VALUES (0, 2, 3)
@4000000044d0ab780ba3e584 database: mysql_error: Duplicate entry '0-3' for key 1
@4000000044d0ab780ba3fcf4 SQL=INSERT INTO sig_reference (sig_id, ref_seq, ref_id) VALUES (0, 3, 4)
I assume my tables aren't quite right.
I am not much of a SQL hack, but I reckon I could try to manually create some of the tables and fields to get this working?
Any advice?
Is there a way to rebuild my DB from here?
Thanks!
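An added diagnostic script (not code from the post, from Snort or from BASE) that parses the /var/log/snortd/current lines quoted above and pairs each mysql_error with the INSERT that failed: it reports which column the failing INSERT expected but the table lacks, and which sig_reference rows were written against sig_id 0 because the signature row was never created. The log sample is constructed from the lines in the post; function and pattern names are my own.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the multilog (tai64n-stamped) lines quoted in the post.
SNORTD_LOG = """\
@4000000044d0ab780b766514 database: mysql_error: Unknown column 'sig_gid' in 'where clause'
@4000000044d0ab780b76789c database: Problem inserting a new signature 'BAD-TRAFFIC udp port 0 traffic': INSERT INTO signature (sig_name,sig_class_id,sig_priority,sig_rev,sig_sid,sig_gid) VALUES ('BAD-TRAFFIC udp port 0 traffic',1,3,9,525,1)
@4000000044d0ab780b85eda4 database: mysql_error: Duplicate entry '0-1' for key 1
@4000000044d0ab780b8608fc SQL=INSERT INTO sig_reference (sig_id, ref_seq, ref_id) VALUES (0, 1, 2)
"""

LINE_RE = re.compile(r"^@([0-9a-f]{24}) (.*)$")            # tai64n stamp, then message
UNKNOWN_COL_RE = re.compile(r"mysql_error: Unknown column '(\w+)' in")
INSERT_RE = re.compile(r"INSERT INTO (\w+) \(([^)]*)\) VALUES \(([^)]*)\)")

def tai64n_to_utc(stamp):
    """Decode a 24-hex-digit tai64n label (without the leading '@') to a datetime.
    TAI ran ~33 s ahead of UTC in 2006; that offset is ignored here, fine for triage."""
    secs = int(stamp[:16], 16) - (1 << 62)
    return datetime.fromtimestamp(secs, tz=timezone.utc)

def diagnose(log_text):
    """Return {'missing_columns': {column: table}, 'orphan_refs': [(ref_seq, ref_id)], 'first_seen': iso}.
    Value splitting is a plain comma split, so a sig_name containing a comma would need a real SQL tokenizer."""
    unknown, missing, orphans, first_seen = set(), {}, [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, msg = m.groups()
        first_seen = first_seen or tai64n_to_utc(stamp).isoformat()
        col = UNKNOWN_COL_RE.search(msg)
        if col:                      # schema drift: the plugin expects a column the table lacks
            unknown.add(col.group(1))
            continue
        ins = INSERT_RE.search(msg)
        if not ins:
            continue
        table, cols, vals = ins.groups()
        row = dict(zip([c.strip() for c in cols.split(",")], [v.strip() for v in vals.split(",")]))
        for c in row:
            if c in unknown:         # tie the earlier 'Unknown column' to the INSERT that carried it
                missing[c] = table
        if table == "sig_reference" and row.get("sig_id") == "0":
            orphans.append((int(row["ref_seq"]), int(row["ref_id"])))  # dangling reference rows
    return {"missing_columns": missing, "orphan_refs": orphans, "first_seen": first_seen}

if __name__ == "__main__":
    print(diagnose(SNORTD_LOG))
```

The missing column is the thing to compare against the schema shipped with your Snort version (the create_mysql script in its schemas directory); the orphan sig_reference rows keyed on sig_id 0 are what the later "Duplicate entry '0-N'" errors are tripping over.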