[Snort-users] ACID tables populated, charts seem OK, but some query results empty
Bruce.Briggs at ...13183...
Thu Mar 30 07:24:07 EST 2006
Why not use BASE?
ACID is a dead product.
BASE is an improved and maintained fork from ACID.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of subs
Sent: Thursday, March 30, 2006 8:28 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] ACID tables populated, charts seem OK, but some
query results empty
Snort and ACID up for 12 hours, now - my acid_main.php shows:
Unique Alerts: 7 ( 5 categories )
Total Number of Alerts: 233
* Source IP addresses: 41
* Dest. IP addresses: 14
* Unique IP links 75
* Source Ports: 38
o TCP ( 2) UDP ( 36)
* Dest. Ports: 3
o TCP ( 1) UDP ( 2)
... with appropriate histograms for Traffic Profile by Protocol.
I can successfully chart Time vs. number of Alerts, and I see data in
PROBLEM: Some standard queries from acid_main.php give me empty results
Unique alerts empty
Total Number of Alerts empty
Source IP addresses OK
Dest. IP addresses OK
Unique IP links OK
All source/dest ports queries OK
Most recent Alerts (all) empty (gives count of 15, for
Today's: alerts unique, listing empty (with counts)
Today's: alerts unique, src, dst OK
It appears that results are only shown where IPs are looked up - what
be the problem?
Sorry if this is a FAQ (I have searched).
Any help appreciated.