[Snort-users] snort and acid - Traffic Profile by Protocol doesn't update correctly

sekure sekure at ...11827...
Mon Sep 13 06:10:11 EDT 2004


John,

Snort reports on ALL the traffic that it saw, so it's a pretty good
representation of your network traffic.  ACID reports on only what it
has in its database, so the percentages are a representation of the
type of traffic that caused the alerts.  So even if UDP makes up only
1% of your traffic, it's entirely possible that it is causing 80% of
all of your alerts, especially with the default snort config files.  I
suspect SNMP rules, if you are doing any sort of network monitoring.

HTH

On Sat, 11 Sep 2004 10:46:45 +0000, John Oost <johnoost at ...125...> wrote:
> Thanks for the reply. If that's the case then it doesn't work. The output
> from snort -v doesn't match the traffic bars in Acid. It seems it just
> doesn't update the traffic stats correctly. I already tried disabling the
> caching of IE but that didn't work either. Any ideas?
>
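
Added example, not part of the original message: two queries that show where ACID's protocol percentages come from, by counting stored alerts per IP protocol and then listing the signatures behind the UDP share. It assumes the standard Snort database output schema (tables event, iphdr and signature) on MySQL; those table and column names are not given in the thread.

```sql
-- Share of stored alerts per IP protocol (1 = ICMP, 6 = TCP, 17 = UDP).
-- This describes the alerts in the database, not the traffic Snort saw.
-- LEFT JOIN keeps events that have no IP header row (ip_proto is NULL).
SELECT i.ip_proto,
       COUNT(*) AS alerts,
       ROUND(100.0 * COUNT(*) / (SELECT COUNT(*) FROM event), 1) AS pct_of_alerts
FROM event e
LEFT JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
GROUP BY i.ip_proto
ORDER BY alerts DESC;

-- Signatures responsible for the UDP alerts, most frequent first.
-- A few noisy rules (for example SNMP rules firing on monitoring traffic)
-- at the top of this list explain a large UDP bar in ACID.
SELECT s.sig_name,
       COUNT(*) AS alerts
FROM event e
JOIN iphdr i     ON i.sid = e.sid AND i.cid = e.cid
JOIN signature s ON s.sig_id = e.signature
WHERE i.ip_proto = 17
GROUP BY s.sig_name
ORDER BY alerts DESC
LIMIT 20;
```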



