[Snort-users] ACID Reports via Command Line

Steve Halligan giermo at ...187...
Thu Sep 12 07:59:06 EDT 2002

>Is it possible to generate ACID reports via the command line instead of
>through the GUI?  It would be nice to run the reports in a cron job.


Here is an email I sent to the list a while back on this very topic.
Attached is a sample script that updates the event cache using this method.

--------------begin excerpted email-------------------------

A while ago, someone asked if there was a way to script the update of the
ACID event cache table, in order to avoid long page loads on busy networks
or if ACID hadn't been accessed in a long time.

I suggested leaving a browser window open, and using its auto_refresh to
keep the cache updated.

I am here today to say I have seen the light and there is an easier way!

If you have PHP compiled as a CGI, you can use it just like you would use a
Perl or shell script.
By the way, if you are using PHP as an Apache module, you can also compile
it as a CGI and use it both ways.

You can then simply use cron to schedule it.

This could also be done to automate email sending on alert, archiving, etc.

The attached script updates the alert cache.
Please excuse the bit of HTML it spits out; I call the update_alert function
in ACID, which outputs in HTML.

Run it like this:

The -q flag in the script suppresses PHP's generator headers.
Make sure to change the first line in the script to reflect where you have
the php binary installed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: acid_event_update.php
Type: application/octet-stream
Size: 2245 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020912/3a6560f9/attachment.obj>
