[Snort-users] Acid Issues with snort

Slighter, Tim tslighter at ...5174...
Wed Oct 9 11:55:04 EDT 2002


Downloaded the newly released ACID 0.9.6b22 as well as the JpGraph
(http://www.aditus.nu/jpgraph/)
and have done testing with most all of the strange issues that everyone has
been having, i.e.:

Graphs
AG Maintenance
Queries
Archiving
Duplicate alerts

And at this point, so far everything has worked GREAT.  This may be
premature at this point in time.  But in terms of the more prevalent
issues...EXCELLENT work Roman and Team !  Thanks

-----Original Message-----
From: Roman Danyliw [mailto:roman at ...438...]
Sent: Wednesday, October 09, 2002 11:58 AM
To: Slighter, Tim
Cc: 'Cloppert, Michael'; 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Acid Issues with snort


> Yes indeed, still having problems with the graphing and the AG stuff and no
> solutions or feedback.  As for getting the archive thing to work...I had to
> resort to getting the latest PHP (being a while back) the version happens to
> be PHP4-200208211200 with Acid 0.9.6b21 and mySQL 3.23.51.

Upgrade to the just released 0.9.6b22 version of ACID.

> So, by getting these releases, you will most likely be forced to do what I
> did and drop all the existing databases and recreate them with the new
> builds.

There are upgrade instructions in the Snort Changelog for converting v104+
DB schema into v106.

> Lots of work unfortunately.  According to rumors, the schema 106 is
> supposed to allow snort to work around the duplicate sid/cid issue when
> integrating with ACID...

The change to DB schema v106 should address the duplicate sid/cid issue.

> perhaps if this is the case...wonder if the older
> versions of ACID might work with new schema ???

ACID v0.9.6b22 works with Snort DB schema v100-106 (i.e., Snort 1.8 and
1.9).

cheers,
Roman


>
>  -----Original Message-----
> From: Cloppert, Michael [mailto:Michael.Cloppert at ...5884...]
> Sent: Friday, September 06, 2002 11:40 AM
> To: 'Slighter, Tim'; 'snort-users at lists.sourceforge.net'
> Subject: RE: [Snort-users] Acid Issues with snort
>
>
>
> I've seen this graphing behavior and have been bitching about it constantly
> for months, but I've seen very little feedback - and no real resolutions -
> on this or the snort-devel list.  At this point, I suspect the developers
> know of the problem and don't know how to fix it, given the severe lack of
> responses and documentation.
>
> By the way, how did you fix the duplicate events/alerts problem?  I have
> ACID 0.9.6b21 as well and see the problem daily.  I have literally hundreds
> of events that can't be archived because they're "duplicate", but looking in
> the database there are no duplicates, but there are other events that
> somehow got the same sid:cid.  This is another thing I've been pleading with
> ANYONE to give me feedback on and, as always, have received none.
>
> mike
>
> -----Original Message-----
> From: Slighter, Tim [mailto:tslighter at ...5174...]
> Sent: Thursday, September 05, 2002 3:05 PM
> To: 'snort-users at lists.sourceforge.net'
> Subject: [Snort-users] Acid Issues with snort
>
>
>
> I have installed the latest releases of everything:
>
> PHP 4.30
> ACID 0.9.6b21
> Apache 2.0.40
> mySQL 4.0.3
> Adodb 231
> GD 1.8.4
> Phplot 4.4.6
>
>
> on a new system and have documented and witnessed the following anomalies:
>
> While the archiving feature now works, even with duplicate events/alerts,
> now the AG Maintenance has some issues.  When a new AG is created, only the
> ID shows up and no name.  Attempting to edit the AG or delete it and create
> a new one, does not fix this problem.  The name and description do NOT show
> up.
>
> The other issue is the graph tool.  This did work in the previous release
> for ACID prior to ACID 0.9.6b20 but now the graphs do not render and present
> broken graphics.  Guessing it has something to do with extracting the data
> from an AG, which are not functioning correctly.
>
> Anyone seen this or know of a "known" workaround ?
>
> Thanks
>
>
>



