Snort mailing list archives
RE: Acid Issues with snort
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Wed, 9 Oct 2002 08:52:47 -0600
Yes indeed, still having problems with the graphing and the AG stuff and no solutions or feedback. As for getting the archive thing to work...I had to resort to getting the latest PHP (being a while back) the version happens to be PHP4-200208211200 with Acid 0.9.6b21 and mySQL 3.23.51.

Just recently I updated to Snort 1.90 and used the create_mysql source script from the contrib directory and this produced schema 106, but the AG and Graphing still do not work. I am waiting on the full release of ACID 0.9.6b22 in hopes that many of these issues will be addressed...but I am not holding my breath. So, by getting these releases, you will most likely be forced to do what I did and drop all the existing databases and recreate them with the new builds. Lots of work unfortunately.

According to rumors, the schema 106 is supposed to allow snort to work around the duplicate sid/cid issue when integrating with ACID...perhaps if this is the case...wonder if the older versions of ACID might work with new schema ??? If memory serves me, ACID 0.9.13b had the archive problem but the graphing and AG maintenance worked....something to think about

-----Original Message-----
From: Cloppert, Michael [mailto:Michael.Cloppert () 53 com]
Sent: Friday, September 06, 2002 11:40 AM
To: 'Slighter, Tim'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Acid Issues with snort

I've seen this graphing behavior and have been bitching about it constantly for months, but I've seen very little feedback - and no real resolutions - on this or the snort-devel list. At this point, I suspect the developers know of the problem and don't know how to fix it, given the severe lack of responses and documentation.

By the way, how did you fix the duplicate events/alerts problem? I have ACID 0.9.6b21 as well and see the problem daily. I have literally hundreds of events that can't be archived because they're "duplicate", but looking in the database there are no duplicates, but there are other events that somehow got the same sid:cid. This is another thing I've been pleading with ANYONE to give me feedback on and, as always, have received none.

mike

-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Thursday, September 05, 2002 3:05 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Acid Issues with snort

I have installed the latest releases of everything:

PHP 4.30
ACID 0.9.6b21
Apache 2.0.40
mySQL 4.0.3
Adodb 231
GD 1.8.4
Phplot 4.4.6

on a new system and have documented and witnessed the following anomalies:

While the archiving feature now works, even with duplicate events/alerts, now the AG Maintenance has some issues. When a new AG is created, only the ID shows up and no name. Attempting to edit the AG or delete it and create a new one does not fix this problem. The name and description do NOT show up.

The other issue is the graph tool. This did work in the previous release for ACID prior to ACID 0.9.6b20 but now the graphs do not render and present broken graphics. Guessing it has something to do with extracting the data from an AG, which are not functioning correctly.

Anyone seen this or know of a "known" workaround?

Thanks