[Snort-users] Acid Protocol prob. (all alerts reported as ICMP)
chris at ...714...
Mon Oct 30 14:07:17 EST 2000
I just upgraded snort on all of my collectors to the current CVS version, grabbed the latest b6 version of Acid, and purged my database and recreated it. Now the main page of Acid reports all events as being the protocol of type "ICMP" even though they are verifiably not. If I click on an Unique Alerts and zero in on a event that is not ICMP, Acid shows the correct protocol for it. I tried reverting back to the b4 of Acid, but still have the same problem. It appears I broke something.
Has anyone else observed and resolved this problem? I'm sure it is something I have blundered, but I cannot pinpoint the mistake.
Secondly is there an archive of this list where I could check to make sure I am not asking something that has already been covered? =)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users