[Snort-users] ACID tables populated, charts seem OK, but some query results empty
subs at ...13742...
Thu Mar 30 05:29:07 EST 2006
Snort and ACID up for 12 hours, now - my acid_main.php shows:
Unique Alerts: 7 ( 5 categories )
Total Number of Alerts: 233
* Source IP addresses: 41
* Dest. IP addresses: 14
* Unique IP links 75
* Source Ports: 38
    o TCP ( 2) UDP ( 36)
* Dest. Ports: 3
    o TCP ( 1) UDP ( 2)
... with appropriate histograms for Traffic Profile by Protocol.
I can successfully chart Time vs. number of Alerts, and I see data in the
PROBLEM: Some standard queries from acid_main.php give me empty results
Unique alerts                       empty
Total Number of Alerts              empty
Source IP addresses                 OK
Dest. IP addresses                  OK
Unique IP links                     OK
All source/dest ports queries       OK
Most recent Alerts (all)            empty (gives count of 15, for all)
Today's: alerts unique, listing     empty (with counts)
Today's: alerts unique, src, dst    OK
It appears that results are only shown where IPs are looked up - what could
be the problem?
Sorry if this is a FAQ (I have searched).
Any help appreciated.