Snort mailing list archives

RE: ACID tables populated, charts seem OK, but some query results empty


From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Thu, 30 Mar 2006 10:23:01 -0500

Why not use BASE?
ACID is a dead product.
BASE is an improved and maintained fork from ACID.
http://secureideas.sourceforge.net/

Bruce 

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of subs
Sent: Thursday, March 30, 2006 8:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID tables populated, charts seem OK, but some query results empty

Snort and ACID up for 12 hours, now - my acid_main.php shows:

Sensors: 1
Unique Alerts: 7    (   5 categories   )
Total Number of Alerts: 233
    * Source IP addresses: 41
    * Dest. IP addresses: 14
    * Unique IP links 75
    * Source Ports: 38
          o TCP ( 2)  UDP ( 36)
    * Dest. Ports: 3
          o TCP ( 1)  UDP ( 2)

... with appropriate histograms for Traffic Profile by Protocol.

I can successfully chart Time vs. number of Alerts, and I see data in the
acid tables.

PROBLEM: Some standard queries from acid_main.php give me empty results
Sensors                         OK
Unique alerts                   empty
Categories                      OK
Total Number of Alerts          empty
Source IP addresses             OK
Dest. IP addresses              OK
Unique IP links                 OK
All source/dest ports queries   OK

Snapshot queries:
Most recent Alerts (all)            empty (gives count of 15, for all)
Today's: alerts unique, listing     empty (with counts)
Today's: alerts unique, src, dst    OK

Etc...

It appears that results are only shown where IPs are looked up - what could
be the problem?

Sorry if this is a FAQ (I have searched).

Any help appreciated.
S



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting
language
that extends applications into web and mobile media. Attend the live
webcast
and join the prime developer group breaking into this new coding
territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

