[Snort-users] ACID tables populated, charts seem OK, but some query results empty

subs subs at ...13742...
Thu Mar 30 05:29:07 EST 2006


Snort and ACID up for 12 hours, now - my acid_main.php shows:

Sensors: 1
Unique Alerts: 7    (   5 categories   )
Total Number of Alerts: 233
    * Source IP addresses: 41
    * Dest. IP addresses: 14
    * Unique IP links 75
    * Source Ports: 38
          o TCP ( 2)  UDP ( 36)
    * Dest. Ports: 3
          o TCP ( 1)  UDP ( 2)

... with appropriate histograms for Traffic Profile by Protocol.

I can successfully chart Time vs. number of Alerts, and I see data in the
acid tables.

PROBLEM: Some standard queries from acid_main.php give me empty results:

    Sensors                          OK
    Unique alerts                    empty
    Categories                       OK
    Total Number of Alerts           empty
    Source IP addresses              OK
    Dest. IP addresses               OK
    Unique IP links                  OK
    All source/dest ports queries    OK

Snapshot queries:

    Most recent Alerts (all)             empty (gives count of 15, for all)
    Today's: alerts unique, listing      empty (with counts)
    Today's: alerts unique, src, dts     OK

Etc...

It appears that results are only shown where IPs are looked up - what could
be the problem?

Sorry if this is a FAQ (I have searched).

Any help appreciated.
S