[Snort-users] ACID: more alerts than I asked for in acid_stat_uaddr... :)
andreas at ...1574...
Sun Jun 24 11:36:41 EDT 2001
This is interesting. The behaviour I described only happens when using
links as the browser (and it still happens today, with the CVS version).
Using Mozilla, for example, or Netscape, it works as expected.
Em Wed, Jun 20, 2001 at 01:37:01PM +0000, roman at ...438... escreveu:
> Bad GET arguments in a the hyperlink, I believe. Patched and
> commited. Let me know if this was the only instance of
> this issue.
> > > ACID from CVS (updated a few minutes ago)
> > >
> > > I'm in the "today's unique alerts" page. There I see an alert
> > > which has:
> > > Total: 1
> > > # Sensors: 1
> > > Src addr.: 1
> > > Dst addr.: 1
> > > First and last: the same date/time
> > >
> > > When I click on, say, "src addr", I get two alerts (the same signature),
> > > one from today, and another from another day (the day before, in my case).
> > > The same happens if I click on "Total", I get these two results instead of
> > > the one that happened today.
More information about the Snort-users