[Snort-users] ACID Concerns
Matt.Yackley at ...5858...
Tue Apr 1 09:47:25 EST 2003
For what it is worth, I am testing Snort 2.0.0rc1 + ACID 0.9.6b23 and
graphing is working fine for me at the moment. Not sure about the archive
portion; I have yet to get the archive database set up. Hopefully I should
have time to get the archive set up within the next couple of days. Just
tried a query for "< April 1 2003" and it did not return any of today's
alerts, just the 30-31 (just got this set up & working Sunday afternoon).

OS: RH 7.3
Snort: 2.0.0rc1 Build 61

From: Slighter, Tim [mailto:tslighter at ...5174...]
Sent: Tuesday, April 01, 2003 10:50 AM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] ACID Concerns

There are some other strange behavior patterns resulting from the latest
release of Acid 0.9.6b23:
1) The graphing does not work with phplot or jpgraph or both...far as I can
   tell, never has
2) Queries do not work correctly, for example, if I run a search and
   specify all and any dates less than April 1, 2003, events or alerts from
   April 1, 2003 still show up in the query. Which leads to #3
3) When running a query, and then attempting to move the results of the
   query to the archive database "2" things happen
   a) All events "regardless" are moved to the archive database...even
      from the dates you did not include in the query
   b) Many of the events that are moved to the archive database, get
      lost en route. This was verified by selecting 3 specific alerts that
      were selected to be moved to the archive database...the move indicated
      successful but when viewing the archive database, the alerts never
      showed up.
This functionality has been tested with Acid 0.9.6b21b, Acid 0.9.6b22 and
**** Graphing does work with Acid