[Snort-users] ACID 0.9.6b14 questions

Poppi, Sandro Sandro.Poppi at ...3316...
Mon Sep 17 01:35:01 EDT 2001


I'm having some probs regarding acid 0.9.6b14 in conjunction with snort
1.8.1 on a RedHat 7.0 box with mysql 3.23.32:

1. Using any of the new Snapshot entries 

	Last Source Ports: any , TCP , UDP 
	Last Destination Ports: any , TCP , UDP 

results in

	Database ERROR:You have an error in your SQL syntax near '' at line
1

All other functions I tested work (nearly) as expected (see 2.)

2. The search form and querying only for an ip address does not work for
portscan alerts. If the given ip address is only logged for portscan alerts
it can't be queried, if there are other alarms for the ip address they will
be shown.

Any hints?

TIA
Sandro




More information about the Snort-users mailing list