[Snort-users] Acid Issues with snort
Michael.Cloppert at ...5884...
Fri Sep 6 10:46:07 EDT 2002
Please ignore my comments regarding duplicate events/alerts. I read this
email before I read Roman's post indicating this has been fixed in the snort
CVS for 1.9. also apologies for the duplicate post. d'oh!
I've seen this graphing behavior and have been bitching about it constantly
for months, but I've seen very little feedback - and no real resolutions -
on this or the snort-devel list. At this point, I suspect the developers
know of the problem and don't know how to fix it, given the severe lack of
responses and documentation.
By the way, how did you fix the duplicate events/alerts problem? I have
ACID 0.9.6b21 as well and see the problem daily. I have literally hundreds
of events that can't be archived because they're "duplicate", but looking in
the database there are no duplicates, but there are other events that
somehow got the same sid:cid. This is another thing I've been pleading with
ANYONE to give me feedback on and, as always, have received none.
From: Slighter, Tim [mailto:tslighter at ...5174...]
Sent: Thursday, September 05, 2002 3:05 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Acid Issues with snort
I have installed the latest releases of everything:
on a new system and have documented and witnessed the following anomalies:
While the archiving feature now works, even with duplicate events/alerts,
now the AG Maintenance has some issues. When a new AG is created, only the
ID shows up and no name. Attempting to edit the AG or delete it and create
a new one, does not fix this problem. The name and description do NOT show
The other issue is the graph tool. This did work in the previous release
for ACID prior to ACID 0.9.6b20 but now the graphs do not render and present
broken graphics. Guessing it has something to do with extracting the data
from an AG, which are not functioning correctly.
Anyone seen this or know of a "known" workaround ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users