[Snort-users] inconsistency in acid-0.9.6b10?

roman at ...438... roman at ...438...
Tue May 22 18:15:01 EDT 2001


I believe this issue has been fixed with the latest commit to CVS.

NOTE: Significant changes have been made to the code
related to alert actions (e.g. delete, email, add to AG).  Regression
testing may be required to validate previous functionality.

[snip from CHANGELOG]

+ configuration parameter (max_script_runtime) to set max_execution_time
   PHP variable for time consuming operations
+ fixed bug with shared state incorrectly being carried over from 
   acid_stat_ipaddr links back to query results (reported: 
   <dmuz at ...324...>, Andreas Hasenack <andreas at ...814...>)
+ re-organized and consolidated all code related to alert actions

> I'm looking up an IP address and the table I get says:
> 
> Num of sensors	Occurrances as src	As dest.	First					Last
> 2				   8				  0         2001-05-08 16:27:16 	2001-05-20 18:22:06 
> 
> 
> So far, so good. But when I click on that "8" number to see these occurances,
> the timestamp doesn't match. I don't get an event with that "first" date
> nor with that "last" date, but only events in between.
> In fact, that "last" date is the date of the most recent event in my database,
> and it has nothing to do with that IP I'm looking up. It doesn't matter what IP I
> lookup, I always get as "Last occurance" the most recent event on my database.
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list