Recent changes to support-requests

Mysql Error

2009-11-11T07:27:59Z

I hope you can help!

When running the setup script for the first time I get this error:

Fatal error: Call to undefined function mysql_connect() in /usr/share/php/adodb/drivers/adodb-mysql.inc.php on line 363

From Googling this error I have not found much, other than to make sure mysql is installed and running. I can telnet to the localhost on the mysql port. Netstat -a shows it is listing.

The mysql logs shows no connection attempts.

I am running the following:
base 1.4.4
mysql 5.0.5
libphp-adodb 5.05 (this is installed /usr/share/php

Thanks you very much

BASE with OSSEC

2009-10-01T19:11:23Z

I`m hoping someone here can help me with an issue I`m having with BASE and OSSEC. I have alerts from OSSEC going into BASE, but I`m unable to from original code archive OSSEC alerts.

After some tinkering and asking questions on the OSSEC forums one suggestoin was to change a line in the base_action.inc.php as follows:

original

$sql = "INSERT INTO data (sid,cid, data_payload) VALUES ";
$sql.= "($sid, $cid, '".$tmp_row[0]."')";

modified

$sql = "INSERT INTO data (sid,cid, data_payload) VALUES ";
$sql.= "($sid, $cid, '".mysql_real_escape_string($tmp_row[0])."')";

After making this change I was able to archive the OSSEC alerts via BASE, however. Since doing so I am now unable to view any alerts in the archive database. The test alert I tried archiving was copied from the snort database to the snort_archive database which I verified manually:

mysql> use snort;

Database changed
mysql> select * from data where cid=118815;
+-----+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| sid | cid | data_payload |
+-----+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 40 | 118815 | ** Alert 1254423242.4059666: - apache,unknown_resource,
2009 Oct 01 14:54:02 somewebsite-webserver -> /var/log/httpd/error_log
Rule: 30112 (level 5) -> 'Attempt to access an non-existent file.'
Src IP: (174.129.87.154)
User: (none)
[Thu Oct 01 14:53:51 2009] [error] [client 174.129.87.154] File does not exist: /home/h/http073/somewebsite/iphone |
+-----+--------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.09 sec)

Using BASE then copied the alert from the snort database to the snort_archive database

mysql> use snort_archive;

qmagic function in base_qry_common.php

2006-05-23T14:15:11Z

Hi,

I am today running BASE 1.1.2.
This works fine on my Linux box.
After upgrading to 1.2.4 I do get some problems.
I can log in the the application and get the first
status page.
But when I click on the alarms last 24 days or any
other link for displaying alarms. The following
message appears:

Fatal error: Call to undefined function: qmaic()
in /www.htdocs/base/base_qry_common.php on line 602.

It is no change in owners/group rights of the files.
I have the correct versions described in the
prerequisites for BASE 1.2.4.

I have been through the setup procedyre/program and do
not get any error messages.

Any body else seen this problem ?

Thanks in advance.

tom.erik.hestholm@kongsberg.com

Allowed memory size of 8388608 bytes exhausted

2006-04-28T11:24:29Z

Hello

I start getting folowing error while browsing BASE
reports :

Allowed memory size of 8388608 bytes exhausted (tried
to allocate 138 bytes)

I am using Debian with Apache2 and latest PHP. I guess
this problem is PHP related, but maybe you have a tip
how to solve it ?

With best regards
Martynas

upgrade to 1.2.2. problem

2006-03-16T16:29:06Z

I upgraded to 1.2.2 and now I can't login into BASE. I
reran Base's setup, enter user + password and then I
get the message "User does not exist or your password
was incorrect! Please try again". Will appreciate any
help on this regard.

How do I move my BASE from one machine to another?

2006-03-14T16:31:07Z

I would like to keep the current settings in tact
and move my base installation from an older machine
to a newer more powerful machine. Can I just tar and
copy the /var/www directories and move them?

Database Error postgresql

2006-03-13T16:00:57Z

Hi,

I keep getting this error:

Checking for DB abstraction lib in '/adodb/adodb.inc.php'
The underlying database ids@localhost appears to be
incomplete/invalid
Database ERROR:ERROR: syntax error at or near "`" at
character 18

SELECT ip_src FROM iphdr

It might be an older version. Only alert databases
created by Snort 1.7-beta0 or later are supported

I'm running OpenBSD 3.8 / Postgresql 8.1.3 / Snort 2.4.3

Maybe someone can help me, because I've looked
everywhere, but can't find anything about it.

Oh, it's probably in the base_main.php

Thanks,

Theo

Amazing Job!

2006-03-09T07:30:30Z

You guys have really done an amazing job with this
project. I thought the Acid project was dead. Good
job on keeping it going! One thing though... you
guys have gotta promote this more... Alot of people
are still using acid. Knoppix, knoppix-std and a
quite a few other security distros are still
including Acid instead of Base. The only security
Distro I've seen that includes Base was NST. Try to
get something going on LinuxToday or LinuxWatch or
other Sites just so maybe you guys could get more
exposure and maybe more people can chip in. I don't
think I even saw you guys in Snort.org!!!

Anyways... Great Job and thanks!

Zubin.

graphs in BASE do not work

2005-06-07T15:35:23Z

Followed Dominik Gehl's Instructions on {snort-users}

Warning: Missing argument 1 for
image_graph_datapreprocessor_array() in
/usr/share/pear/Image/Graph/DataPreprocessor/Array.php
on line 79

Warning: Cannot modify header information - headers
already sent by (output started at
/usr/share/pear/Image/Graph/DataPreprocessor/Array.php:79)
in /usr/share/pear/Image/Graph/Driver.php on line 525

Warning: Cannot modify header information - headers
already sent by (output started at
/usr/share/pear/Image/Graph/DataPreprocessor/Array.php:79)
in /usr/share/pear/Image/Graph/Driver.php on line 526

Warning: Cannot modify header information - headers
already sent by (output started at
/usr/share/pear/Image/Graph/DataPreprocessor/Array.php:79)
in /usr/share/pear/Image/Graph/Driver.php on line 527

Warning: Cannot modify header information - headers
already sent by (output started at
/usr/share/pear/Image/Graph/DataPreprocessor/Array.php:79)
in /usr/share/pear/Image/Graph/Driver.php on line 528

Warning: Cannot modify header information - headers
already sent by (output started at
/usr/share/pear/Image/Graph/DataPreprocessor/Array.php:79)
in /usr/share/pear/Image/Graph/Driver/GD/PNG.php on
line 104

Problem connecting to database

2005-03-15T16:18:07Z

Recieved the following error when attempting to login:
Checking for DB abstraction lib
in '/var/www/html/adodb/adodb.inc.php'

Error (p)connecting to DB : snort@localhost

Check the DB connection variables in base_conf.php

= $alert_dbname : MySQL database name
where the alerts are stored
= $alert_host : host where the database is
stored
= $alert_port : port where the database is
stored
= $alert_user : username into the database
= $alert_password : password for the
username

Database ERROR:Can't connect to local MySQL server
through socket '/var/lib/mysql/mysql.sock' (13)