[snort-users] ACID Error -- no snort.signature table

roman at ...438... roman at ...438...
Tue May 8 10:01:23 EDT 2001


Jeff,

The issue related to the "no snort.signature table" has been fixed.
These are the diffs which will patch the version 0.9.6b8 code.
Alternatively, you could download version 0.9.6b9 which also
includes this fix.

file: acid_stat_common.php
================================
159,160d158
<   $schema_version = db_schema_version($db);
< 
162c160
<   if ( ($DBtype == "postgres") && ( $schema_version == 100 ) )
---
>   if ( ($DBtype == "postgres") && (db_schema_version($db) == 100) )
166c164
<   else if ( $schema_version >= 100 )
---
>   else
170,174d167
<   else
<       $result = $db->acidExecute("SELECT count(event.sid) FROM event ".
<                                  "WHERE signature LIKE 'spp_portscan%'");
< 
< 
============================

> - I don't get a graph of "Traffic Profile by Protocol" which I guess means that
> PHPlot is not properly installed.  It was super unclear how to install PHPlot
> from either the PHPlot web site or the ACID docs.  Any hints.

The "Traffic Profile by Protocol" graph is not generated by PHPlot.  
The missing graph is a result of the earlier error (no signature 
table).  PHPlot is used for the"Graphing alert data" functionality; 
 NOTE: it is currently highly experimental

> - If ACID works better with Snort 1.8, how can I get the beta code off of
> sourceforge.  I tried the snort-daily.tar.gz link from an earlier thread, but
> it didn't work.

The short answer is yes.  A number of schema changes were 
introduces in Snort 1.8 which will make ACID faster.  However,
all functionality should still exist even if you continue to use
Snort 1.7.

cheers,
Roman


---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list