Re: Acid 0.9.6b6 Reference Links

[roman () danyliw com]

Brad,

Ok, we're making some progress ...

> On another note, it appears that the "Sort Order" function of "search" is
> broken in v0.9.6b9 and v0.9.6b12.

Do you mean that the "Sort Order" from the Search page is
broken?  How about the sorting via the "<" ">" symbols in
the query results.  If you don't mind configure ACID for
debug mode (change $debug_mode=1 in acid_conf) and
send me the output of the page where sorting is not working.

You can send that output directly to me.
 
cheers,
Roman

> ----- Original Message -----
> From: <roman () danyliw com>
> To: "Brad T." <bthaler () webstream net>
> Cc: <snort-users () lists sourceforge net>
> Sent: Monday, July 23, 2001 6:13 AM
> Subject: Re: [Snort-users] Acid 0.9.6b6 Reference Links
>
>
> > Take a look at the newly updated ACID FAQ question #D-1
> >
> > http://acidlab.sourceforge.net/acid_faq.html
> >
> > Roman
> >
> > > OK.  I've upgraded to 0.9.6b9 and still no hyperlinks.  Additionally,
> now I
> > > get this PHP error on the header:
> > > Warning: open(/tmp\sess_5036f68ba761e2c5c61446f724c67d70, O_RDWR)
> failed: m
> > > (2) in C:\snort\html\acid9\acid_common.php on line 125
> > >
> > > And these PHP errors in the footer:
> > > Warning: open(/tmp\sess_5036f68ba761e2c5c61446f724c67d70, O_RDWR)
> failed: m
> > > (2) in Unknown on line 0
> > > Warning: Failed to write session data (files). Please verify that the
> > > current setting of session.save_path is correct (/tmp) in Unknown on
> line 0
> > > Thanks,
> > > Brad T.
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: <roman () danyliw com>
> > > To: "Brad T." <bthaler () webstream net>
> > > Cc: <snort-users () lists sourceforge net>
> > > Sent: Friday, July 20, 2001 11:48 AM
> > > Subject: Re: [Snort-users] Acid 0.9.6b6 Reference Links
> > >
> > >
> > > > > > From my rules file "...(msg:"MISC Large ICMP Packet"; dsize: >800;
> > > > > reference:arachnids,246;)".
> > > > >
> > > > > So I should be seeing hyperlinks, right?
> > > >
> > > > Indeed you should see hyperlinks.  Update to ACID v0.9.6b9+
> > > >
> > > > Roman
> > > >
> > > > > ----- Original Message -----
> > > > > From: <rdanyliw () voicenet com>
> > > > > To: "Brad T." <bthaler () webstream net>
> > > > > Cc: <snort-users () lists sourceforge net>
> > > > > Sent: Friday, July 20, 2001 10:35 AM
> > > > > Subject: Re: [Snort-users] Acid 0.9.6b6 Reference Links
> > > > >
> > > > >
> > > > > > > For example, when snort detects a "Large ICMP Packet", and puts
> it
> > > into
> > > > > the
> > > > > > > database, Acid shows "MISC Large ICMP Packet" in the "signature"
> > > field
> > > > > of
> > > > > > > its output.  Shouldn't this be a hyperlink to the corresponding
> > > entry in
> > > > > the
> > > > > > > arachnids database?
> > > > > >
> > > > > > Examine the specific rule "Large ICMP Packet" in the Snort rules
> > > > > > file, do you see a corresponding "reference: arachnids, 123"?
> > > > > > (the number is unimportant).  I checked the default Snort-1.7
> > > > > > rule set and this particular rule did not come with a reference.
> > > > > > Hence ACID cannot provide a link for it.
> > > > > >
> > > > > > If you do have a reference tag though, then this confirms that
> > > > > > ACID is broken, which if memory serves, there was a bug in
> > > > > > reference support at some point in the past.  I recommend
> > > > > > upgrading to a mimimum of b9 to fix this issue.
> > > > > >
> > > > > > Roman
> > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: <roman () danyliw com>
> > > > > > > To: "Brad T." <bthaler () webstream net>
> > > > > > > Cc: <snort-users () lists sourceforge net>
> > > > > > > Sent: Friday, July 20, 2001 10:03 AM
> > > > > > > Subject: Re: [Snort-users] Acid 0.9.6b6 Reference Links
> > > > > > >
> > > > > > >
> > > > > > > > > I can't figure out why I'm not able to use the whitehats.com
> > > > > reference
> > > > > > > > > hyperlinks that acid is supposed to generate.  I'm no PHP
> > > programmer
> > > > > by
> > > > > > > any
> > > > > > > > > means, but I can see the code that is supposed to do this in
> > > > > > > acid_common.php
> > > > > > > > > (lines 379-391 and 414-418).
> > > > > > > >
> > > > > > > > Do you signatures look like "IDS/100 foo"?
> > > > > > > >
> > > > > > > > > BTW, I've tried acid-0.9.6b12 and got a bunch of PHP errors,
> so
> > > I
> > > > > went
> > > > > > > back
> > > > > > > > > to b6 for now.
> > > > > > > >
> > > > > > > > What were these errors?
> > > > > > > >
> > > > > > > > Roman
> > > > > >
> > > > > >
> > > > > >
> > > > > > ---------------------------------------------
> > > > > > This message was sent using Voicenet WebMail.
> > > > > >       http://www.voicenet.com/webmail/
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Snort-users mailing list
> > > > > > Snort-users () lists sourceforge net
> > > > > > Go to this URL to change user options or unsubscribe:
> > > > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > > Snort-users list archive:
> > > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users () lists sourceforge net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:
> > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > >
> > > >
> > > >
> > > > ---------------------------------------------
> > > > This message was sent using Voicenet WebMail.
> > > >       http://www.voicenet.com/webmail/
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users () lists sourceforge net
> > > > Go to this URL to change user options or unsubscribe:
> > > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > http://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >
> > ---------------------------------------------
> > This message was sent using Voicenet WebMail.
> >       http://www.voicenet.com/webmail/
> >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users