[Snort-users] Recommendation for IDS reporting tools?

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Wed Mar 16 01:07:30 EST 2005


--On 15 March 2005 10:15 -0500 Hugo <hchlai at ...2792...> wrote:

> BASE works great until I find out Src IP doesn't sort properly.

I noticed something similar with ACID. My local production version includes 
the following patch I made:

--- acid_stat_uaddr.php~        2004-08-26 11:59:20.000000000 +0100
+++ acid_stat_uaddr.php 2004-08-26 11:59:20.000000000 +0100
@@ -96,9 +96,9 @@

   $qro->AddTitle($results_title,
                 "addr_a", " ",
-                         " ORDER BY sig_name ASC",
+                         " ORDER BY $addr_type_name ASC",
                 "addr_d", " ",
-                         " ORDER BY sig_name DESC");
+                         " ORDER BY $addr_type_name DESC");

   if ( $resolve_IP == 1 )
     $qro->AddTitle("FQDN");

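Review bot: the replaced `ORDER BY sig_name` lines explain the symptom in the quoted report, since the address listing was being ordered by signature name rather than by the address column, so the change to `$addr_type_name` is the right fix, but because the variable is interpolated straight into the ORDER BY clause, confirm in the surrounding code that `$addr_type_name` is assigned from a fixed set of column names inside the script and is never populated from a request parameter; otherwise a sort bug becomes an injection point. Worth a one-line comment above `AddTitle` stating which columns `$addr_type_name` may hold.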

That file will be named base_stat_uaddr.php in BASE, I think. Try making an 
equivalent patch yourself, and report back if it doesn't fix your problem, 
describing where sorting doesn't work properly.

> Has anybody tried Aanval? Any testimonial? Thanks in advance!

Tried it, didn't like it; not as functional as ACID/BASE, and, IIRC, it 
won't work with unified logging (which is a show-stopper for a production 
NIDS, IMHO).

> Hugo

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9