Snort mailing list archives

Re: Recommendation for IDS reporting tools?


From: hchlai () netscape net (Hugo)
Date: Wed, 16 Mar 2005 08:58:53 -0500

I have submitted a detailed problem description to the BASE project page in sourceforge.net under bug track "[ 1164491 ] Unique IP links sorting issue".
Alex, I'll test out the patch you provided and see if it works. Thanks!

Hugo

"Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk> wrote:



--On 15 March 2005 10:15 -0500 Hugo <hchlai () netscape net> wrote:

BASE works great until I find out Src IP doesn't sort properly.

I noticed something similar with ACID. My local production version includes 
the following patch I made:

--- acid_stat_uaddr.php~        2004-08-26 11:59:20.000000000 +0100
+++ acid_stat_uaddr.php 2004-08-26 11:59:20.000000000 +0100
@@ -96,9 +96,9 @@

  $qro->AddTitle($results_title,
                "addr_a", " ",
-                         " ORDER BY sig_name ASC",
+                         " ORDER BY $addr_type_name ASC",
                "addr_d", " ",
-                         " ORDER BY sig_name DESC");
+                         " ORDER BY $addr_type_name DESC");

  if ( $resolve_IP == 1 )
    $qro->AddTitle("FQDN");
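
Review bot: In both changed ORDER BY lines, $addr_type_name is interpolated directly into the SQL fragment, and the hunk does not show where that variable is assigned. Before applying this, confirm it can only hold one of the fixed address column names and is never taken from a request parameter; if input can influence it, map it through a fixed list of allowed column names before this AddTitle call. A short comment noting that the addr_a/addr_d sort keys now follow the address type would also help whoever ports this to base_stat_uaddr.php.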


That file will be named base_stat_uaddr.php in BASE, I think. Try making an 
equivalent patch yourself, and report back if it doesn't fix your problem, 
describing where sorting doesn't work properly.

Has anybody tried Aanval? Any testimonial? Thanks in advance!

Tried it, didn't like it; not as functional as ACID/BASE, and, IIRC, it 
won't work with unified logging (which is a show-stopper for a production 
NIDS, IMHO).

Hugo

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9



