[Snort-users] Acid quickie

Schmehl, Paul L pauls at ...6838...
Mon Jun 23 08:58:27 EDT 2003


I almost hate to tell you this, but....

You can sort the alerts in ascending or descending order simply by
clicking on the "<" or ">" beside the alert column.  There's no need to
modify ACID.

AAMOF, you'll find those "<" and ">" links beside almost every column.
So, for example, you can click on the 15 most frequent alerts and sort
them by the Total (ascending or descending) or by the Signature or
Classification or Src Addr. or Dest. Addr. or First or Last.

Once you've selected a signature you can sort by Signature, Timestamp,
Source Address, Dest. Address or Layer 4 Proto (ascending or descending
in every case.)

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

> -----Original Message-----
> From: Zack Jordan [mailto:zackj26 at ...131...] 
> Sent: Saturday, June 21, 2003 10:29 PM
> To: Snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Acid quickie
> 
> 
> A Coworker made these changes, not sure if it's what
> you are looking for:
> 
> Changes made to acid_stat_common.php so that alerts
> are now 
> sorted in descending (Newest alerts first) order. 
> 
> - $event_cnt_info[1] = '<A 
> HREF="acid_qry_main.php?&num_result_rows=-1'. 
>                        
> '&submit=Query+DB&current_view=1">'; 
> + $event_cnt_info[1] = '<A
> HREF="acid_qry_main.php?&num_result_rows=-1'. 
>                        
> '&submit=Query+DB&current_view=1&sort_order=time_d">';
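
Review bot: The `+` line hard-codes `&sort_order=time_d` into the single link built in `$event_cnt_info[1]`, so only queries reached through that link come up newest-first, and a local edit to acid_stat_common.php has to be re-applied after every ACID upgrade. If the default is worth changing, a comment beside the assignment saying why the parameter is there would help the next maintainer. Two details in both the `-` and `+` lines are also worth cleaning up while touching this string: the query string opens with `?&num_result_rows=-1`, which has a stray `&` after the `?`, and the separators inside the HREF attribute are raw `&` rather than `&amp;`.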



