[Snort-users] ACID tables populated, charts seem OK, but some query results empty
subs at ...13742...
Thu Mar 30 07:43:10 EST 2006
Bruce (and others),
Thanks for the heads-up - I've also now been informed off-list of ACID's
If I'd realised it was dead I'd have gone straight for BASE - which I will
Mind you, this on ACID's homepage:
"It should be noted that ACID is the result of ongoing work at the CERT
Coordination Center for the AIRCERT project"
...doesn't help much.
I've mailed the maintainer and requested a note be put on the ACID homepage.
From: Briggs, Bruce [mailto:Bruce.Briggs at ...13183...]
Sent: 30 March 2006 17:23
To: subs; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] ACID tables populated, charts seem OK, but some
query results empty
Why not use BASE?
ACID is a dead product.
BASE is an improved and maintained fork from ACID.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of subs
Sent: Thursday, March 30, 2006 8:28 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] ACID tables populated, charts seem OK, but some query
Snort and ACID up for 12 hours, now - my acid_main.php shows:
Unique Alerts: 7 ( 5 categories )
Total Number of Alerts: 233
* Source IP addresses: 41
* Dest. IP addresses: 14
* Unique IP links 75
* Source Ports: 38
o TCP ( 2) UDP ( 36)
* Dest. Ports: 3
o TCP ( 1) UDP ( 2)
... with appropriate histograms for Traffic Profile by Protocol.
I can successfully chart Time vs. number of Alerts, and I see data in the
PROBLEM: Some standard queries from acid_main.php give me empty results
Unique alerts empty
Total Number of Alerts empty
Source IP addresses OK
Dest. IP addresses OK
Unique IP links OK
All source/dest ports queries OK
Most recent Alerts (all) empty (gives count of 15, for
Today's: alerts unique, listing empty (with counts)
Today's: alerts unique, src, dst OK
It appears that results are only shown where IPs are looked up - what could
be the problem?
Sorry if this is a FAQ (I have searched).
Any help appreciated.