[Snort-users] Recommendation for IDS reporting tools?
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Wed Mar 16 01:07:30 EST 2005
--On 15 March 2005 10:15 -0500 Hugo <hchlai at ...2792...> wrote:
> BASE works great until I find out Src IP doesn't sort properly.
I noticed something similar with ACID. My local production version includes
the following patch I made:
--- acid_stat_uaddr.php~ 2004-08-26 11:59:20.000000000 +0100
+++ acid_stat_uaddr.php 2004-08-26 11:59:20.000000000 +0100
@@ -96,9 +96,9 @@
"addr_a", " ",
- " ORDER BY sig_name ASC",
+ " ORDER BY $addr_type_name ASC",
"addr_d", " ",
- " ORDER BY sig_name DESC");
+ " ORDER BY $addr_type_name DESC");
if ( $resolve_IP == 1 )
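Review bot: In both replaced ORDER BY lines, $addr_type_name is interpolated directly into the SQL string, and nothing in this hunk shows where it is assigned. Please confirm it is only ever set from a fixed set of column names and never from a request parameter; if the request can influence it, map it through an allow-list before it reaches the query. A one-line comment above the "addr_a"/"addr_d" entries saying they now sort by the address column rather than sig_name would also help the next reader.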
That file will be named base_stat_uaddr.php in BASE, I think. Try making an
equivalent patch yourself, and report back if it doesn't fix your problem,
describing where sorting doesn't work properly.
> Has anybody tried Aanval? Any testimonial? Thanks in advance!
Tried it, didn't like it; not as functional as ACID/BASE, and, IIRC, it
won't work with unified logging (which is a show-stopper for a production
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9