Snort mailing list archives

ACID bug with archiving

From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Thu, 25 Apr 2002 15:09:59 -0400 (EDT)

Hello all,

I found a nice bug in ACID. I though its a feature or a misconfig, but now
I am confident its a BUG.

Context:

Linux ids 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown
ACID: 03/03/2002: 0.9.6b21
PHP etc stuff: standard for RH 7.2

Situation:

Regular and archive db created. Search done. When number of search results
is big (100,000-200,000) the "Archive {move} all query results" hangs for
a while (1-3 minutes) and then returns blank page with ACID headers and
nothing else. Nothing is moved. If I use "Archive {move} all on screen" -
everything is fine. I HAD to move all this tuff into archive and my only
workaround was to set disaply results to "5000" instead of 50 and use
"Archive {move} all on screen". For smaller queries, "Archive {move} all
query results" works fine.

I DID adjust timeout in acid_conf.php to have a large value.

Best,
-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Q-ICMP rule/IDS202 mike (Apr 25)
- <Possible follow-ups>
- RE: Q-ICMP rule/IDS202 Wirth, Jeff (Apr 25)
  - ACID bug with archiving Anton A. Chuvakin (Apr 25)