[Snort-users] Re: ACID Configuration

roman at ...438... roman at ...438...
Sat Nov 11 12:03:27 EST 2000


Frank,

You may have read about the AIR/CERT project
(http://www.cert.org/kb/aircert/), one of whose goals is a
cross-administrative domain incident reporting infrastructure.  The
database to store these aggregated alerts is a superset of the existing
Snort DB tables.  ACID is one of the tools that can be used to examine this
collected data. The "mod_snort_config" variable in acid_conf.php is a
switch which controls whether any additional data (non-Snort) is present
and should be used.

Essentially, it is a variable left for future use.  Thus, for the present
time, leave this variable at its default setting ($mod_snort_config = 0).

cheers,
Roman



"Frank Reid" <fcreid at ...782...rner.org>
To: "Roman Danyliw" <roman at ...438...>
cc: <snort-users at lists.sourceforge.net>
Subject: ACID Configuration
11/10/00 08:25 PM



Roman,

What is the "mod_snort_config" switch in ACID's acid_conf.php settings?  I
don't see any mention of it in the documentation, but it appears to be
called in the PacketLookup function.  Thanks.

Frank









