Snort mailing list archives
Re: Recommendation for IDS reporting tools?
From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Wed, 16 Mar 2005 09:06:52 +0000
--On 15 March 2005 10:15 -0500 Hugo <hchlai () netscape net> wrote:
> BASE works great until I find out Src IP doesn't sort properly.
I noticed something similar with ACID. My local production version includes the following patch I made:
--- acid_stat_uaddr.php~ 2004-08-26 11:59:20.000000000 +0100 +++ acid_stat_uaddr.php 2004-08-26 11:59:20.000000000 +0100 @@ -96,9 +96,9 @@ $qro->AddTitle($results_title, "addr_a", " ", - " ORDER BY sig_name ASC", + " ORDER BY $addr_type_name ASC", "addr_d", " ", - " ORDER BY sig_name DESC"); + " ORDER BY $addr_type_name DESC"); if ( $resolve_IP == 1 ) $qro->AddTitle("FQDN");That file will be named base_stat_uaddr.php in BASE, I think. Try making an equivalent patch yourself, and report back if it doesn't fix your problem, describing where sorting doesn't work properly.
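Review bot: `$addr_type_name` is interpolated straight into the SQL text of both sort clauses (`" ORDER BY $addr_type_name ASC"` and the matching `DESC` line), and the hunk does not show where that variable is assigned. Please confirm it can only ever hold one of the fixed address column names and is never derived from request input; if there is any doubt, map it through an explicit allow-list before the ORDER BY string is built. A short comment above the `AddTitle` call noting that these titles sort by address rather than `sig_name` would also help the next reader.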
> Has anybody tried Aanval? Any testimonial? Thanks in advance!
Tried it, didn't like it; not as functional as ACID/BASE, and, IIRC, it won't work with unified logging (which is a show-stopper for a production NIDS, IMHO).
> Hugo
Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing
GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9