[Snort-users] Acid Issues with snort

Slighter, Tim tslighter at ...5174...
Thu Oct 10 08:39:14 EDT 2002


That one was actually pretty easy.  You must specify a beginning and end
date in the provided fields.  You must also extract the data from an AG.
After doing this I did manage to get an actual graph of the data!!

-----Original Message-----
From: Cloppert, Michael [mailto:Michael.Cloppert at ...5884...]
Sent: Thursday, October 10, 2002 8:51 AM
To: 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Acid Issues with snort


The new version of ACID looks great.  Now, I guess I'm the ONLY one still
having graphing problems.

When I go to graph data, I get an error from jpgraph that says "JpGraph
Error: Empty data array specified for plot. Must have at least one data
point".  Before anyone asks, yes, there were plenty of alerts that took
place in the "Chart Begin/End" window I've specified.

When I put ACID into debug mode (1), I see that data does in fact show up.
Specifically:
--
Dumping data ... (writing only every 1)
0 -- 10/09/2002 - 1336
1 -- 10/10/2002 - 933
--
...so I know the data's there.  I'm not sure if I've got something
misconfigured, or if ACID is having a problem passing data to jpgraph, or
possibly even that the second is a result of the first.  If anyone's had
this problem and gotten it resolved, OR if anyone has any ideas, comments
are MUCH appreciated!!

Thanks in advance,
Mike

> -----Original Message-----
> From: Roman Danyliw [mailto:roman at ...438...]
> Sent: Wednesday, October 09, 2002 1:58 PM
> To: Slighter, Tim
> Cc: 'Cloppert, Michael'; 'snort-users at lists.sourceforge.net'
> Subject: RE: [Snort-users] Acid Issues with snort
> 
> 
> > Yes indeed, still having problems with the graphing and the AG stuff and no
> > solutions or feedback.  As for getting the archive thing to work...I had to
> > resort to getting the latest PHP (being a while back) the version happens to
> > be PHP4-200208211200 with Acid 0.9.6b21 and mySQL 3.23.51.
> 
> Upgrade to the just released 0.9.6b22 version of ACID.
> 
> > So, by getting these releases, you will most likely be forced to do what I
> > did and drop all the existing databases and recreate them with the new
> > builds.
> 
> There are upgrade instructions in the Snort Changelog for converting v104+
> DB schema into v106.
> 
> > Lots of work unfortunately.  According to rumors, the schema 106 is
> > supposed to allow snort to work around the duplicate sid/cid issue when
> > integrating with ACID...
> 
> The change to DB schema v106 should address the duplicate sid/cid issue.
> 
> > perhaps if this is the case...wonder if the older
> > versions of ACID might work with new schema ???
> 
> ACID v0.9.6b22 works with Snort DB schema v100-106 (i.e., Snort 1.8 and
> 1.9).
> 
> cheers,
> Roman
> 
> 
> >
> >  -----Original Message-----
> > From: Cloppert, Michael [mailto:Michael.Cloppert at ...5884...]
> > Sent: Friday, September 06, 2002 11:40 AM
> > To: 'Slighter, Tim'; 'snort-users at lists.sourceforge.net'
> > Subject: RE: [Snort-users] Acid Issues with snort
> >
> >
> >
> > I've seen this graphing behavior and have been bitching about it constantly
> > for months, but I've seen very little feedback - and no real resolutions -
> > on this or the snort-devel list.  At this point, I suspect the developers
> > know of the problem and don't know how to fix it, given the severe lack of
> > responses and documentation.
> >
> > By the way, how did you fix the duplicate events/alerts problem?  I have
> > ACID 0.9.6b21 as well and see the problem daily.  I have literally hundreds
> > of events that can't be archived because they're "duplicate", but looking in
> > the database there are no duplicates, but there are other events that
> > somehow got the same sid:cid.  This is another thing I've been pleading with
> > ANYONE to give me feedback on and, as always, have received none.
> >
> > mike
> >
> > -----Original Message-----
> > From: Slighter, Tim [mailto:tslighter at ...5174...]
> > Sent: Thursday, September 05, 2002 3:05 PM
> > To: 'snort-users at lists.sourceforge.net'
> > Subject: [Snort-users] Acid Issues with snort
> >
> >
> >
> > I have installed the latest releases of everything:
> >
> > PHP 4.30
> > ACID 0.9.6b21
> > Apache 2.0.40
> > mySQL 4.0.3
> > Adodb 231
> > GD 1.8.4
> > Phplot 4.4.6
> >
> >
> >  on a new system and have documented and witnessed the following anomalies:
> >
> > While the archiving feature now works, even with duplicate events/alerts,
> > now the AG Maintenance has some issues.  When a new AG is created, only the
> > ID shows up and no name.  Attempting to edit the AG or delete it and create
> > a new one, does not fix this problem.  The name and description do NOT show
> > up.
> >
> > The other issue is the graph tool.  This did work in the previous release
> > for ACID prior to ACID 0.9.6b20 but now the graphs do not render and present
> > broken graphics.  Guessing it has something to do with extracting the data
> > from an AG, which are not functioning correctly.
> >
> > Anyone seen this or know of a "known" workaround ?
> >
> > Thanks
> >
> >
> >
> 

