Snort mailing list archives
RE: Acid Issues with snort
From: "Cloppert, Michael" <Michael.Cloppert () 53 com>
Date: Thu, 10 Oct 2002 10:51:22 -0400
The new version of ACID looks great. Now, I guess I'm the ONLY one still having graphing problems. When I go to graph data, I get an error from jpgraph that says "JpGraph Error: Empty data array specified for plot. Must have at least one data point". Before anyone asks, yes, there were plenty of alerts that took place in the "Chart Begin/End" window I've specified. When i put acid into debug mode (1), I see that data does in fact show up. Specifically: -- Dumping data ... (writing only every 1) 0 -- 10/09/2002 - 1336 1 -- 10/10/2002 - 933 -- ...so i know the data's there. I'm not sure if I've got something misconfigured, or if acid is having a problem passing data to jpgraph, or possibly even that the second is a result of the first. If anyone's had this problem and gotten it resolved, OR if anyone has any ideas, comments are MUCH appreciated!! Thanks in advance, Mike
-----Original Message----- From: Roman Danyliw [mailto:roman () danyliw com] Sent: Wednesday, October 09, 2002 1:58 PM To: Slighter, Tim Cc: 'Cloppert, Michael'; 'snort-users () lists sourceforge net' Subject: RE: [Snort-users] Acid Issues with snortYes indeed, still having problems with the graphing and theAG stuff and nosolutions or feedback. As for getting the archive thing towork...I had toresort to getting the latest PHP (being a while back) theversion happens tobe PHP4-200208211200 with Acid 0.9.6b21 and mySQL 3.23.51.Upgrade to the just released 0.9.6b22 version of ACID.So, by getting these releases, you will most likely beforced to do what Idid and drop all the exisiting databases and recreate themwith the newbuilds.There are upgrade instructions in the Snort Changelog for converting v104+ DB schema into v106.Lots of work unfortunately. According to rumors, the schema 106 is supposed to allow snort to work around the duplicatesid/cid issue whenintegrating with ACID...The change to DB schema v106 should address the duplicate sid/cid issue.perhaps if this is the case...wonder if the older versions of ACID might work with new schema ???ACID v0.9.6b22 works with Snort DB schema v100-106 (i.e., Snort 1.8 and 1.9). cheers, Roman-----Original Message----- From: Cloppert, Michael [mailto:Michael.Cloppert () 53 com] Sent: Friday, September 06, 2002 11:40 AM To: 'Slighter, Tim'; 'snort-users () lists sourceforge net' Subject: RE: [Snort-users] Acid Issues with snort I've seen this graphing behavior and have been bitchingabout it constantlyfor months, but I've seen very little feedback - and noreal resolutions -on this or the snort-devel list. At this point, I suspectthe developersknow of the problem and don't know how to fix it, given thesevere lack ofresponses and documentation. By the way, how did you fix the duplicate events/alertsproblem? I haveACID 0.9.6b21 as well and see the problem daily. I haveliterally hundredsof events that can't be archived because they're"duplicate", but looking inthe database there are no duplicates, but there are otherevents thatsomehow got the same sid:cid. This is another thing I'vebeen pleading withANYONE to give me feedback on and, as always, have received none. mike -----Original Message----- From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov] Sent: Thursday, September 05, 2002 3:05 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Acid Issues with snort I have installed the latest releases of everything: PHP 4.30 ACID 0.9.6b21 Apache 2.0.40 mySQL 4.0.3 Adodb 231 GD 1.8.4 Phplot 4.4.6 on a new system and have documented and witnessed thefollowing anomalies:While the archiving feature now works, even with duplicateevents/alerts,now the AG Maintenance has some issues. When a new AG iscreated, only theID shows up and no name. Attempting to edit the AG ordelete it and createa new one, does not fix this problem. The name anddescription do NOT showup. The other issue is the graph tool. This did work in theprevious releasefor ACID prior to ACID 0.9.6b20 but now the graphs do notrender and presentbroken graphics. Guessing it has something to do withextracting the datafrom an AG, which are not functioning correctly. Anyone seen this or know of a "known" workaround ? Thanks
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Acid Issues with snort Slighter, Tim (Oct 09)
- RE: Acid Issues with snort Roman Danyliw (Oct 09)
- <Possible follow-ups>
- RE: Acid Issues with snort Slighter, Tim (Oct 09)
- RE: Acid Issues with snort Cloppert, Michael (Oct 10)
- RE: Acid Issues with snort Slighter, Tim (Oct 10)