[Snort-users] Acid and Mysql with Snort

Richard Menedetter ricsi at ...6303...
Fri Jul 12 07:50:02 EDT 2002


X-To: "Hutchinson, Andrew" <Andrew.Hutchinson at ...3639...>
Hi

Some ACID feature wishes.
(I hope it is still developed further)

* it would be great if ACID would better support the archive table.
E.g. you could switch between the normal and the archive table, without
installing ACID twice. (and one could do an additional button on the source
address page, where acid would search for the actual IP in the archive.)

* I would like to have a switch in the cfg file, where, when switched on,
ACID would show not only the IP but also the domain name of the source
address in the overview table.

* it would be great if there were an action where snort would mail the
details of the selected alerts to www.dshield.org.

* it would be great if the graphics capabilities would be spiced up a bit

Spade question:
Every time I do an FTP transfer, Spade shows me a high anomaly value from
ftp:20 to me:xxx.
Can't Spade ignore such FTP connections ??

Mysql index question:
 HA> 2. Creating indexes
 HA> Some of the required indexes are not created in initial MySQL creation
 HA> script. The following indexes can be added to significantly improve
 HA> performance:
 HA> tcphdr.tcp_sport
 HA> tcphdr.tcp_dport
 HA> acid_ag_alert.ag_sid + acid_ag_alert.ag_cid

How do you do it ??
Are the index names irrelevant ??
Is it done like this:
create index acid_ag_alert_i on acid_ag_alert (ag_sid, ag_cid);

CU, Ricsi

-- 
|~)o _ _o  Richard Menedetter <ricsi at ...6303...> {ICQ: 7659421} (PGP)
|~\|(__\|  -=> Virus Warning: (S)top (C)ontinue (B)urn infected disk <=-



