Snort mailing list archives
RE: ACID Concerns
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Tue, 1 Apr 2003 13:45:16 -0700
Curious, what version for PHP and mySQL are you using?

-----Original Message-----
From: Matt Yackley [mailto:Matt.Yackley () perkinswill com]
Sent: Tuesday, April 01, 2003 10:41 AM
To: 'Slighter, Tim'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] ACID Concerns

For what it is worth, I am testing Snort 2.0.0rc1 + ACID 0.9.6b23 and graphing is working fine for me at the moment, not sure about the archive portion, I have yet to get the archive database setup. Hopefully I should have time to get the archive setup within the next couple of days.

Just tried a query for "< April 1 2003" and it did not return any of today's alerts, just the 30-31 (just got this setup & working Sunday afternoon).

Misc. Info
OS: RH 7.3
Snort: 2.0.0rc1 Build 61
ACID: 0.9.6b23
ADODB: 3.11
GD: 1.8.4
MySQL: 3.23.56-1
phplot: 4.4.6
PHP: 4.1.2-7.3.6
Apache: 1.3.27-2
jpgraph: 1.11

-matt

-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Tuesday, April 01, 2003 10:50 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] ACID Concerns

There are some other strange behavior patterns resulting from the latest release of Acid 0.9.6b23:

1) The graphing does not work with phplot or jpgraph or both...far as I can tell, never has

2) Queries do not work correctly, for example, if I run a search and specify all and any dates less than April 1, 2003, events or alerts from April 1, 2003 still show up in the query. Which leads to #3

3) When running a query, and then attempting to move the results of the query to the archive database "2" things happen
   a) All events "regardless" are moved to the archive database...even from the dates you did not include in the query
   b) Many of the events that are moved to the archive database, get lost en route. This was verified by selecting 3 specific alerts that were selected to be moved to the archive database...the move indicated successful but when viewing the archive database, the alerts never showed up.

This functionality has been tested with Acid 0.9.6b21b, Acid 0.9.6b22 and Acid 0.9.6b23

**** Graphing does work with Acid 0.9.6b22 *****