[Snort-users] Scripting things in ACID/php

Steve Halligan agent33 at ...187...
Mon Feb 4 13:22:03 EST 2002


A while ago, someone asked if there was a way to script the update of the
ACID event cache table, in order to avoid long page loads on busy networks
or if ACID hadn't been accessed in a long time.

I suggested leaving a browser window open, and using its auto_refresh to
keep the cache updated.

I am here today to say I have seen the light and there is an easier way!

If you have php compiled as a CGI, you can use it just like you would use a
perl or shell script.
By the way, if you are using PHP as an apache module, you can also compile
it as a cgi and use it both ways.

You can then simply use cron to schedule it.

This could also be done to automate email sending on alert, archiving, etc
etc.

The attached script updates the alert cache.
Please excuse the bit of html it spits out, I call the update_alert function
in acid which outputs in html.

run it like this:
/path/to/acid/acid_event_update.php

The -q flag in the script suppresses php's generator headers.
Make sure to change the first line in the script to reflect where you have
the php binary installed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: acid_event_update.php
Type: application/octet-stream
Size: 2245 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020204/901f765b/attachment.obj>
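Added example, not part of the original post or its scrubbed attachment: a cron wrapper for the cache-update script the post describes. It skips a run while the previous one is still going and strips the HTML the script emits. The lock directory, the log path, the install path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for the ACID cache-update script.
# ACID_SCRIPT and LOCK_DIR are assumed paths; adjust to your installation.
ACID_SCRIPT="${ACID_SCRIPT:-/path/to/acid/acid_event_update.php}"
LOCK_DIR="${LOCK_DIR:-/tmp/acid_event_update.lock}"

# Strip HTML tags and blank lines so cron mail and logs stay readable
# (the post notes that the update function prints HTML).
strip_html() {
    sed -e 's/<[^>]*>//g' -e '/^[[:space:]]*$/d'
}

# Run the update unless an earlier run still holds the lock.
# mkdir is atomic, so two overlapping cron jobs cannot both acquire it.
# Returns 0 on success, 75 if skipped, otherwise the script's exit status.
# A lock left behind by a killed run has to be removed by hand.
run_update() {
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "previous update still running, skipping" >&2
        return 75
    fi
    status=0
    out=$("$ACID_SCRIPT" 2>&1) || status=$?
    rmdir "$LOCK_DIR"
    printf '%s\n' "$out" | strip_html
    return "$status"
}

# Example crontab entry (every 5 minutes), assuming this file is installed
# as /usr/local/bin/acid_cache_cron.sh:
#   */5 * * * * /usr/local/bin/acid_cache_cron.sh run >>/var/log/acid_cache.log 2>&1
if [ "${1:-}" = "run" ]; then
    run_update
fi
```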

