[Snort-users] ACID default sort order

Vadim Pushkin wiskbroom at ...125...
Wed May 8 07:12:05 EDT 2002


Oldest first; click on the ">" next to timestamp
to reorder by most recent first.

Vadim


>From: John Sage <jsage at ...2022...>
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] ACID default sort order
>Date: Tue, 7 May 2002 11:55:16 -0700
>
>I tried asking this a week ago and got no response, so, being a
>glutton for punishment I'll ask again:
>
>What is the default sort order for ACID when displaying the very
>fundamental query: "Last 24 hours" "alerts" "listing"?
>
>In other words, show me all alerts for the last 24 hours.
>
>The sort order returned is not obvious, or rather there doesn't seem
>to be any:
>
>
>To: blahblahblah at ...5802...
>Subject: ACID Incident Report
>From: ACID Alert <acid at ...5802...>
>
>Generated by ACID v0.9.6b21 on Tue May 07, 2002 10:47:09
>
>#109-2| [2002-05-07 09:28:28] 12.243.218.140 -> 12.82.128.54  ICMP echo request
>
>This (above) is out of order by time and by sensor-id
>
>#109-8| [2002-05-07 10:19:41] 12.165.7.15:137 -> 12.82.128.54:137  UDP to 137 netBIOS ns
>#109-7| [2002-05-07 10:19:41] 12.165.7.15:137 -> 12.82.128.54:137  UDP to 137 netBIOS ns
>#109-6| [2002-05-07 10:19:39] 12.165.7.15:137 -> 12.82.128.54:137  UDP to 137 netBIOS ns
>#109-5| [2002-05-07 10:19:10] 12.165.7.15:137 -> 12.82.128.54:137  UDP to 137 netBIOS ns
>#109-4| [2002-05-07 10:19:07] 12.165.7.15:137 -> 12.82.128.54:137  UDP to 137 netBIOS ns
>#109-3| [2002-05-07 10:19:04] 12.165.7.15:137 -> 12.82.128.54:137  UDP to 137 netBIOS ns
>#109-1| [2002-05-07 09:11:33] 12.82.128.120:1065 -> 12.82.128.54:137  UDP to 137 netBIOS ns
>
>#108-14| [2002-05-07 07:26:15] 199.84.183.4:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>#108-13| [2002-05-07 07:26:14] 199.84.183.4:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>#108-12| [2002-05-07 07:26:12] 199.84.183.4:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>
>The above alerts are out-of-order relative to those above..
>
>#108-7| [2002-05-07 04:19:09] 12.82.129.235:1028 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>#108-6| [2002-05-07 04:07:07] 12.165.7.15:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>#108-5| [2002-05-07 04:07:06] 12.165.7.15:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>#108-4| [2002-05-07 04:07:04] 12.165.7.15:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>#108-3| [2002-05-07 04:06:43] 12.165.7.15:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>#108-2| [2002-05-07 04:06:42] 12.165.7.15:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>#108-1| [2002-05-07 04:06:40] 12.165.7.15:137 -> 12.82.129.79:137  UDP to 137 netBIOS ns
>
>#108-11| [2002-05-07 05:26:55] 65.117.191.10:55742 -> 12.82.129.79:111  TCP to 111 sunrpc
>#108-10| [2002-05-07 05:26:52] 65.117.191.10:55742 -> 12.82.129.79:111  TCP to 111 sunrpc
>
>The above alerts are out-of-order..
>
>#108-9| [2002-05-07 04:55:18] 148.235.14.185:32263 -> 12.82.129.79:80  TCP to 80 http
>#108-8| [2002-05-07 04:55:12] 148.235.14.185:32263 -> 12.82.129.79:80  TCP to 80 http
>
>The above alerts are out-of-order..
>
>#107-3| [2002-05-06 22:07:37] 217.136.191.9 -> 12.82.131.37  ICMP echo request
>
>#107-4| [2002-05-06 22:51:34] 131.183.60.105:4659 -> 12.82.131.37:1433  TCP to 1433 MS MySQL server
>
>blah blah blah...
>
>#107-2| [2002-05-06 16:44:24] 12.245.236.184:4630 -> 12.82.131.37:80  TCP to 80 http
>#107-1| [2002-05-06 16:44:21] 12.245.236.184:4630 -> 12.82.131.37:80  TCP to 80 http
>
>#106-1| [2002-05-06 11:29:25] 12.82.131.207:1238 -> 12.82.131.64:137  UDP to 137 netBIOS ns
>#106-2| [2002-05-06 12:42:44] 166.114.114.2:3937 -> 12.82.131.64:53  TCP to 53 domain
>
>and blah blah blah..
>
>
>
>Is the sensor-id pair not a primary key, or in fact any key whatsoever?
>
>Is the date-time not a primary key, or in fact any key whatsoever?
>
>Again, at the risk of repetition, what should be the primary sort
>order for this very fundamental query?
>
>
>- John
>--
>In those days, you could not buy a $2000 200MHz Pentium server.
>
>PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
>Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
>

