[Snort-users] Acid graphs broken?

bthaler at ...2720... bthaler at ...2720...
Wed Oct 24 13:40:09 EDT 2001


Actually I deleted the AG and data so it is gone.  But I have created a new one just to test this.
Now we're trying to graph for today 24 OCT 2001.

I am not able to produce any graphs in Acid (the gd test graphs are fine, so I know my gd works).
I can confirm that the AG contains 355 alerts for 24 OCT 2001.

Here is the output of debug (it's quite long):

<--- BEGIN DEBUG OUTPUT --->
Chart criteria
Array
(
    [0] => LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid)
    [1] => ag_id = 2 AND (  UNIX_TIMESTAMP(timestamp) >=  UNIX_TIMESTAMP('2001-10-24 000000')
AND  UNIX_TIMESTAMP(timestamp) <=  UNIX_TIMESTAMP('2001-10-24 230000')       )
)

chart_type = 1
data_source = 2
year_start year_end month_start month_end  day_start day_end hour_start hour_end
2001 2001 10 10 24 24 0 23
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 0
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 1
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 2
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 3
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 4
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 5
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 6
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 7
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 8
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 9
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 10
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 11
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 12
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 13
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 14
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 15
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 16
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 17
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 18
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 19
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 20
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 21
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 22
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 23
chart_type = 1
data_source = 2

Handling Period if necessary ...
Dumping data ... (writing only every 1)
0 -- 0 - 0
1 -- 1 - 0
2 -- 2 - 0
3 -- 3 - 0
4 -- 4 - 0
5 -- 5 - 0
6 -- 6 - 0
7 -- 7 - 0
8 -- 8 - 0
9 -- 9 - 0
10 -- 10 - 0
11 -- 11 - 0
12 -- 12 - 0
13 -- 13 - 0
14 -- 14 - 0
15 -- 15 - 0
16 -- 16 - 355
17 -- 17 - 0
18 -- 18 - 0
19 -- 19 - 0
20 -- 20 - 0
21 -- 21 - 0
22 -- 22 - 0
23 -- 23 - 0
<--- END DEBUG OUTPUT --->

Thanks for your help,
Brad T.




----- Original Message -----
From: <roman at ...438...>
To: <bthaler at ...2720...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Wednesday, October 24, 2001 12:29 PM
Subject: Re: [Snort-users] Acid graphs broken?


> - Are you able to produce any graphs?
>
> - Can you confirm that there exists data for the 10/23/2001 in this alert
> group?
>
> - If so, enable $debug_mode=1 in acid_conf.php and send me the output.
>
> Roman
>
> On Tue, 23 Oct 2001 bthaler at ...2720... wrote:
>
> > I didn't see this in the Acid FAQ, so forgive me if it's been covered before.
> >
> > I'm using Snort-1.8 MySQL on WinNT4 SP6.
> > ACID v0.9.6b16 with PHP 4.0.6
> >
> > I have added some alerts to a newly created AG and I'm trying to graph the contents of the AG.
> > I go to the acid_graph_main.php page and use the following params:
> > Chart Type:  Time (hour) vs. Number of Alerts
> > Chart Period:  24  (whole day)
> > Graph Type:  Line (I tried all)
> > Chart Begin:  0    23    OCT    2001
> > Chart End:  23    23    OCT 2001
> > Data Source: (My AG)
> >
> > This is the output I get:
> > No array of data in $data_values
> >
> > Please Help,
> > Brad T




