[Snort-users] Recommendation for IDS reporting tools?
hchlai at ...2792...
Wed Mar 16 06:00:32 EST 2005
I have submitted a detail problem description to the BASE project page in sourceforge.net under bug track "[ 1164491 ] Unique IP links sorting issue".
Alex, I'll test out the patch you provided and see if it works. Thanks!
"Alex Butcher, ISC/ISYS" <Alex.Butcher at ...11254...> wrote:
>--On 15 March 2005 10:15 -0500 Hugo <hchlai at ...2792...> wrote:
>> BASE works great until I find out Src IP doesn't sort properly.
>I noticed something similar with ACID. My local production version includes
>the following patch I made:
>--- acid_stat_uaddr.php~ 2004-08-26 11:59:20.000000000 +0100
>+++ acid_stat_uaddr.php 2004-08-26 11:59:20.000000000 +0100
>@@ -96,9 +96,9 @@
> "addr_a", " ",
>- " ORDER BY sig_name ASC",
>+ " ORDER BY $addr_type_name ASC",
> "addr_d", " ",
>- " ORDER BY sig_name DESC");
>+ " ORDER BY $addr_type_name DESC");
> if ( $resolve_IP == 1 )
>That file will be named base_stat_uaddr.php in BASE, I think. Try making an
>equivalent patch yourself, and report back if it doesn't fix your problem,
>describing where sorting doesn't work properly.
>> Has anybody tried Aanval? Any testimonial? THanks in advance!
>Tried it, didn't like it; not as functional as ACID/BASE, and, IIRC, it
>won't work with unified logging (which is a show-stopper for a production
>Alex Butcher: Security & Integrity, Personal Computer Systems Group
>Information Systems and Computing GPG Key ID: F9B27DC9
>GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
Netscape. Just the Net You Need.
New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
More information about the Snort-users