[Snort-users] Acid Issues with snort
Michael.Cloppert at ...5884...
Thu Oct 10 07:52:04 EDT 2002
The new version of ACID looks great. Now, I guess I'm the ONLY one still
having graphing problems.
When I go to graph data, I get an error from jpgraph that says "JpGraph
Error: Empty data array specified for plot. Must have at least one data
point". Before anyone asks, yes, there were plenty of alerts that took
place in the "Chart Begin/End" window I've specified.
When I put acid into debug mode (1), I see that data does in fact show up.
Dumping data ... (writing only every 1)
0 -- 10/09/2002 - 1336
1 -- 10/10/2002 - 933
...so I know the data's there. I'm not sure if I've got something
misconfigured, or if acid is having a problem passing data to jpgraph, or
possibly even that the second is a result of the first. If anyone's had
this problem and gotten it resolved, OR if anyone has any ideas, comments
are MUCH appreciated!!
Thanks in advance,
> -----Original Message-----
> From: Roman Danyliw [mailto:roman at ...438...]
> Sent: Wednesday, October 09, 2002 1:58 PM
> To: Slighter, Tim
> Cc: 'Cloppert, Michael'; 'snort-users at lists.sourceforge.net'
> Subject: RE: [Snort-users] Acid Issues with snort
> > Yes indeed, still having problems with the graphing and the AG stuff and no
> > solutions or feedback. As for getting the archive thing to work...I had to
> > resort to getting the latest PHP (being a while back) the version happens to
> > be PHP4-200208211200 with Acid 0.9.6b21 and mySQL 3.23.51.
> Upgrade to the just released 0.9.6b22 version of ACID.
> > So, by getting these releases, you will most likely be forced to do what I
> > did and drop all the existing databases and recreate them with the new
> > builds.
> There are upgrade instructions in the Snort Changelog for converting v104+
> DB schema into v106.
> > Lots of work unfortunately. According to rumors, the schema 106 is
> > supposed to allow snort to work around the duplicate sid/cid issue when
> > integrating with ACID...
> The change to DB schema v106 should address the duplicate sid/cid issue.
> > perhaps if this is the case...wonder if the older
> > versions of ACID might work with new schema ???
> ACID v0.9.6b22 works with Snort DB schema v100-106 (i.e.,
> Snort 1.8 and
> > -----Original Message-----
> > From: Cloppert, Michael [mailto:Michael.Cloppert at ...5884...]
> > Sent: Friday, September 06, 2002 11:40 AM
> > To: 'Slighter, Tim'; 'snort-users at lists.sourceforge.net'
> > Subject: RE: [Snort-users] Acid Issues with snort
> > I've seen this graphing behavior and have been bitching about it constantly
> > for months, but I've seen very little feedback - and no real resolutions -
> > on this or the snort-devel list. At this point, I suspect the developers
> > know of the problem and don't know how to fix it, given the severe lack of
> > responses and documentation.
> > By the way, how did you fix the duplicate events/alerts problem? I have
> > ACID 0.9.6b21 as well and see the problem daily. I have literally hundreds
> > of events that can't be archived because they're "duplicate", but looking in
> > the database there are no duplicates, but there are other events that
> > somehow got the same sid:cid. This is another thing I've been pleading with
> > ANYONE to give me feedback on and, as always, have received none.
> > mike
> > -----Original Message-----
> > From: Slighter, Tim [mailto:tslighter at ...5174...]
> > Sent: Thursday, September 05, 2002 3:05 PM
> > To: 'snort-users at lists.sourceforge.net'
> > Subject: [Snort-users] Acid Issues with snort
> > I have installed the latest releases of everything:
> > PHP 4.30
> > ACID 0.9.6b21
> > Apache 2.0.40
> > mySQL 4.0.3
> > Adodb 231
> > GD 1.8.4
> > Phplot 4.4.6
> > on a new system and have documented and witnessed the following anomalies:
> > While the archiving feature now works, even with duplicate
> > now the AG Maintenance has some issues. When a new AG is created, only the
> > ID shows up and no name. Attempting to edit the AG or delete it and create
> > a new one, does not fix this problem. The name and description do NOT show
> > up.
> > The other issue is the graph tool. This did work in the previous release
> > for ACID prior to ACID 0.9.6b20 but now the graphs do not render and present
> > broken graphics. Guessing it has something to do with extracting the data
> > from an AG, which are not functioning correctly.
> > Anyone seen this or know of a "known" workaround ?
> > Thanks