[Snort-users] Archiving In Acid

Kalajzich, Damon Damon.Kalajzich at ...11564...
Mon Apr 5 18:13:01 EDT 2004


I have running Acid on a Win2k box with PHP installed, Everything works fine
except archiving I have worked out that after selecting an Item to archive
Acid is then Querying The Archive Database for the Item and not finding it
there for I get an Error Stating that No alerts were selected or the
ARCHIVE-move was not successful. 
Has anyone seen anything like this before I have specified the Correct Live
and Archive Databases in the Acid_conf.php and these are the only changes I
have made to the php file apart form turning on the Debugging and SQL trace
log.  From the SQL trace log you can see that it is connecting to the
Archive Database running the Query on that and then attempting to insert the
entry back in to the Archive DB.
 
----------------------------------------------------------------------------
----

Connect [mysql] archive1 at ...11577...:3306 as root

[Apr 05 2004 16:53:12] /acid/acid_stat_alerts.php - db version 106

----------------------------------------------------------------------------
----

SELECT sig_id FROM signature WHERE sig_name='ICMP PING speedera'

INSERT INTO iphdr (sid,cid,

ip_src,

ip_dst,

ip_ver,ip_hlen,ip_tos,ip_len,ip_id,ip_flags,

ip_off,ip_ttl,ip_proto,ip_csum) VALUES (1, 115215, '1075599074',
'3523898084','4','5','0','84','57154','0','0','46','1','55673')


___________________________________________________
 
Damon Kalajzich
Security Administrator
Allens Arthur Robinson
Phone:  61 7 3334 3193
Mobile:  0414 549 135 

 

 

***********************************************************************

Allens Arthur Robinson online: http://www.aar.com.au

This email (including all attachments) may contain personal information 
and is intended solely for the named addressee. It is confidential and 
may be subject to legal or other professional privilege.  Any 
confidentiality or privilege is not waived or lost because this email 
has been sent to you by mistake.  If you have received it in error, 
please let us know by reply email, delete it from your system and 
destroy any copies.

This email is also subject to copyright. No part of it should be 
reproduced, adapted or communicated without the written consent of the 
copyright owner. Any personal information in this email must be handled 
in accordance with the Privacy Act 1988 (Cth).

Emails may be interfered with, may contain computer viruses or other 
defects and may not be successfully replicated on other systems. We 
give no warranties in relation to these matters. If you have any 
doubts about the authenticity of an email purportedly sent by us, 
please contact us immediately.  

***********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040405/6d6a08d8/attachment.html>


More information about the Snort-users mailing list