Snort mailing list archives
RE: Acid and Mysql with Snort
From: ricsi () gmx at (Richard Menedetter)
Date: Fri, 12 Jul 2002 16:48:43 +0200 (CEST)
X-To: "Hutchinson, Andrew" <Andrew.Hutchinson () Vanderbilt edu>
Hi
Some ACID feature wishes.
(I hope it is still developed further)
* it would be great if ACID would better support the archive table.
E.g. you could switch between the normal and the archive table, without
installing ACID twice. (And one could add an additional button on the source
address page, where ACID would search for the actual IP in the archive.)
* I would like to have a switch in the cfg file, where, when switched on,
ACID would show not only the IP but also the domain name of the source
address in the overview table.
* it would be great if there were an action where snort would mail the
details of the selected alerts to www.dshield.org.
* it would be great if the graphics capabilities would be spiced up a bit
Spade question:
Every time I do an FTP transfer, Spade shows me a high anomaly value from
ftp:20 to me:xxx.
Can't spade ignore such FTP connections ??
Mysql index question:
HA> 2. Creating indexes
HA> Some of the required indexes are not created in initial MySQL creation
HA> script. The following indexes can be added to significantly improve
HA> performance:
HA> tcphdr.tcp_sport
HA> tcphdr.tcp_dport
HA> acid_ag_alert.ag_sid + acid_ag_alert.ag_cid
How do you do it ??
are the index-names irrelevant ??
is it done like this:
create index acid_ag_alert_i on acid_ag_alert (ag_sid, ag_cid);
CU, Ricsi
--
|~)o _ _o Richard Menedetter <ricsi () gmx at> {ICQ: 7659421} (PGP)
|~\|(__\| -=> Virus Warning: (S)top (C)ontinue (B)urn infected disk <=-
Current thread:
- Acid and Mysql with Snort Hall, Duane (Jul 11)
- Re: Acid and Mysql with Snort twig les (Jul 11)
- <Possible follow-ups>
- RE: Acid and Mysql with Snort Hutchinson, Andrew (Jul 12)
- RE: Acid and Mysql with Snort Richard Menedetter (Jul 12)
- RE: Acid and Mysql with Snort James Hoagland (Jul 13)
- RE: Acid and Mysql with Snort Richard Menedetter (Jul 12)
- RE: Acid and Mysql with Snort Pacheco, Michael F. (Jul 16)
- RE: Acid and Mysql with Snort Hutchinson, Andrew (Jul 17)
