Hi Greg,<div><br></div><div>We'd be glad to help you troubleshoot any performance issues you're having with Security Onion over on our mailing list:<br><a href="http://groups.google.com/group/security-onion">http://groups.google.com/group/security-onion</a></div>
<div><br></div><div>Thanks,</div><div>Doug</div><div><br><div class="gmail_quote">On Fri, May 18, 2012 at 1:56 PM, Greg Williams <span dir="ltr"><<a href="mailto:alphawebfx@...11827..." target="_blank">alphawebfx@...843.....11827...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I tried it and was a little disappointed in how slow it was running for me.  I only gave it about 15 minutes, but I was definitely losing more packets than my custom install.  Maybe it's better now. ~400-500 MBps sustained.<div class="HOEnZb">
<div class="h5"><br>
<br><div class="gmail_quote">On Fri, May 18, 2012 at 11:53 AM, Rick Chisholm <span dir="ltr"><<a href="mailto:chavez243@...11827..." target="_blank">chavez243@...11827...</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

FWIW - you can always take a look at Security Onion - it has a bunch of Snort front-ends you can play with.<br><br>First we had ACID and it went ker-splat, then BASE, which is dying on the vine. Not sure what the next move is, all I know is that I need a functional front-end and for right now that's Snorby.<div>

<div><br>
<br><div class="gmail_quote">On Fri, May 18, 2012 at 1:46 PM, Greg Williams <span dir="ltr"><<a href="mailto:alphawebfx@...11827..." target="_blank">alphawebfx@...11827...</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div bgcolor="#FFFFFF"><div>Well said! I 100% agree. Even though I have alerts forwarding via syslog to other destinations like Splunk, there is just something about BASE that trumps everything else.  I've tried many other apps as well including Snorby and Sguil.<br>



<br><br></div><div><div><div><br>On May 18, 2012, at 11:36 AM, Ron Sinclair <<a href="mailto:unixfool@...11827..." target="_blank">unixfool@...979...11827...</a>> wrote:<br><br></div><div></div><blockquote type="cite">
<div>I hear such statements all the time.  Would be nice if someone took BASE and revamped (but not whole-hog) it.<br>
<br>I've been using BASE for almost 10 years, even after using both Sguil and Snorby.  There's something about BASE that Snorby just can't match...just my opinion.  I do check Snorby from time to time to assess any new features.  Last I checked, it still had a long way to go, so I kept using BASE.  Sguil...I don't know, since I never force myself to spend enough time to better utilize it.  I usually just get frustrated and wipe it out.<br>




<br>BASE seems less maintenance intensive than either Sguil and Snorby.  I don't want to have to learn Ruby/Rails to use Snorby.  I didn't really have to understand all that much about PHP to begin using BASE, and I already had a good knowledge of MySQL, Snort, and Apache (and a multitude of other things).  I'll be using BASE for another 10 years, or until something else (that isn't Sguil or Snorby) is released. If that doesn't happen, I'll go straight to the raw logs and begin using correlation scripts and tools.<br>




<br><div class="gmail_quote">On Fri, May 18, 2012 at 1:06 PM, Rick Chisholm <span dir="ltr"><<a href="mailto:chavez243@...11827..." target="_blank">chavez243@...11827...</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">




Hi Dennis:<br><br>BASE is getting pretty long in the tooth, does not appear to be actively developed and as PHP advances, is slowly breaking. It is advisable to switch to something like Snorby, Sguil etc.<br><br><div class="gmail_quote">




<div><div>
On Fri, May 18, 2012 at 12:37 PM, Dennis Circolone <span dir="ltr"><<a href="mailto:djcircolone@...11827..." target="_blank">djcircolone@...391...1827...</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">




<div><div>
<div>Hello,</div>
<div>I have configured snort-2.9.2.2 on an opensuse 12.1 box, everything is working great except for the portscan traffic stays at 0% after an NMAP test and when I select source ports link or dest ports link I recieve an error.Does anyone know how I can resolve this issue?</div>







<div>
<div> </div>
<div> </div>
<div> Basic Analysis and Security Engine (BASE) </div>
<div> </div>
<table style="BORDER-BOTTOM:0px;BORDER-LEFT:0px;PADDING-BOTTOM:0px;PADDING-LEFT:0px;PADDING-RIGHT:0px;BORDER-TOP:0px;BORDER-RIGHT:0px;PADDING-TOP:0px" width="100%">
<tbody>
<tr>
<td rowspan="2" align="left">
<div>
<table width="100%">
<tbody>
<tr>
<td style="TEXT-ALIGN:left">- Today's alerts: </td>
<td><a href="http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">unique</a></td>







<td><a href="http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1" target="_blank">listing</a></td>







<td><a href="http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">Source IP</a></td>







<td><a href="http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">Destination IP</a></td>






</tr>
<tr>
<td style="TEXT-ALIGN:left">- Last 24 Hours alerts: </td>
<td><a href="http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">unique</a></td>







<td><a href="http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1" target="_blank">listing</a></td>







<td><a href="http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">Source IP</a></td>







<td><a href="http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">Destination IP</a></td>






</tr>
<tr>
<td style="TEXT-ALIGN:left">- Last 72 Hours alerts: </td>
<td><a href="http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">unique</a></td>







<td><a href="http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1" target="_blank">listing</a></td>







<td><a href="http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">Source IP</a></td>







<td><a href="http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+" target="_blank">Destination IP</a></td>






</tr>
<tr>
<td style="TEXT-ALIGN:left">- Most recent 15 Alerts:</td>
<td><a href="http://10.2.7.170/base/base_qry_main.php?new=1&caller=last_any&num_result_rows=-1&submit=Last%20Any" target="_blank">any protocol</a></td>
<td><a href="http://10.2.7.170/base/base_qry_main.php?new=1&layer4=TCP&caller=last_tcp&num_result_rows=-1&submit=Last%20TCP" target="_blank">TCP</a></td>
<td><a href="http://10.2.7.170/base/base_qry_main.php?new=1&layer4=UDP&caller=last_udp&num_result_rows=-1&submit=Last%20UDP" target="_blank">UDP</a></td>
<td><a href="http://10.2.7.170/base/base_qry_main.php?new=1&layer4=ICMP&caller=last_icmp&num_result_rows=-1&submit=Last%20ICMP" target="_blank">ICMP</a></td></tr>
<tr>
<td style="TEXT-ALIGN:left">- Last Source Ports: </td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=-1&sort_order=last_d" target="_blank">any protocol</a></td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=6&sort_order=last_d" target="_blank">TCP</a></td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=17&sort_order=last_d" target="_blank">UDP</a></td></tr>
<tr>
<td style="TEXT-ALIGN:left">- Last Destination Ports: 
</td><td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=-1&sort_order=last_d" target="_blank">any protocol</a></td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=6&sort_order=last_d" target="_blank">TCP</a></td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=17&sort_order=last_d" target="_blank">UDP</a></td></tr>
<tr>
<td style="TEXT-ALIGN:left">- Most Frequent Source Ports: </td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=-1&sort_order=occur_d" target="_blank">any protocol</a></td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=6&sort_order=occur_d" target="_blank">TCP</a></td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=17&sort_order=occur_d" target="_blank">UDP</a></td></tr>
<tr>
<td style="TEXT-ALIGN:left">- Most Frequent Destination Ports: </td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=-1&sort_order=occur_d" target="_blank">any protocol</a></td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=6&sort_order=occur_d" target="_blank">TCP</a></td>
<td><a href="http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=17&sort_order=occur_d" target="_blank">UDP</a></td></tr>
<tr>
<td style="TEXT-ALIGN:left">- Most frequent 15 Addresses:</td>
<td><a href="http://10.2.7.170/base/base_stat_uaddr.php?caller=most_frequent&addr_type=1&sort_order=occur_d" target="_blank">Source</a></td>
<td><a href="http://10.2.7.170/base/base_stat_uaddr.php?caller=most_frequent&addr_type=2&sort_order=occur_d" target="_blank">Destination</a></td></tr>
<tr>
<td colspan="2">- <a href="http://10.2.7.170/base/base_stat_alerts.php?caller=last_alerts&sort_order=last_d" target="_blank">Most recent 15 Unique Alerts</a></td></tr>
<tr>
<td colspan="2">- <a href="http://10.2.7.170/base/base_stat_alerts.php?caller=most_frequent&sort_order=occur_d" target="_blank">Most frequent 5 Unique Alerts</a></td></tr></tbody></table></div></td>
<td align="right" valign="top">
<div><b>Queried on </b>: Fri May 18, 2012 16:34:43<br><b>Database:</b> snort@...274...    (<b>Schema Version:</b> 107) <br><b>Time Window:</b> [2012-05-18 11:05:19] - [2012-05-18 11:06:55] </div>
</td></tr>
<tr>
<td align="center" valign="top"><b><a href="http://10.2.7.170/base/base_qry_main.php?new=1" target="_blank">Search</a></b><br><b><a href="http://10.2.7.170/base/base_graph_main.php" target="_blank">Graph Alert Data</a></b><br>





<a href="http://10.2.7.170/base/base_stat_time.php" target="_blank">Graph Alert Detection Time</a><br>
<br></td></tr></tbody></table>
<hr>

<table style="BORDER-BOTTOM:0px;BORDER-LEFT:0px;BORDER-TOP:0px;BORDER-RIGHT:0px" width="100%">
<tbody>
<tr>
<td valign="top" width="30%"><b>Sensors/Total:</b> <a href="http://10.2.7.170/base/base_stat_sensor.php" target="_blank">1</a> / 2 <br><b>Unique Alerts:</b> <a href="http://10.2.7.170/base/base_stat_alerts.php" target="_blank">1</a><br>






<b>Categories: </b><a href="http://10.2.7.170/base/base_stat_class.php?sort_order=class_a" target="_blank">1</a><br><b>Total Number of Alerts:</b> <a href="http://10.2.7.170/base/base_qry_main.php?&num_result_rows=-1&submit=Query+DB&current_view=-1" target="_blank">48</a> 
<ul>
<li>Src IP addrs: <a href="http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1" target="_blank">13</a> 
</li><li>Dest. IP addrs: <a href="http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2" target="_blank">1</a> 
</li><li>Unique IP links <a href="http://10.2.7.170/base/base_stat_iplink.php" target="_blank">13</a> 
</li><li>
<p>Source Ports: <a href="http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=-1" target="_blank">2</a></p>
</li><li>
<ul>
<li>TCP ( <a href="http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=6" target="_blank">0</a>)  UDP ( <a href="http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=17" target="_blank">2</a>)</li>





</ul>
</li><li>Dest Ports: <a href="http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=-1" target="_blank">2</a> 
</li><li>
<ul>
<li>TCP ( <a href="http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=6" target="_blank">0</a>)  UDP ( <a href="http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=17" target="_blank">2</a>)</li>





</ul></li>
</ul></td>
<td valign="top" width="70%"><b>Traffic Profile by Protocol</b> 
<table width="100%" border="0">
<tbody>
<tr>
<td>TCP<a href="http://10.2.7.170/base/base_qry_main.php?new=1&layer4=TCP&num_result_rows=-1&sort_order=time_d&submit=Query+DB" target="_blank"> (0%)</a></td>
<td></td></tr></tbody></table>
<table width="100%" border="1" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td align="center" width="0%" bgcolor="#cccccc"> </td></tr></tbody></table>
<table width="100%" border="0">
<tbody>
<tr>
<td>UDP<a href="http://10.2.7.170/base/base_qry_main.php?new=1&layer4=UDP&num_result_rows=-1&sort_order=time_d&submit=Query+DB" target="_blank"> (100%)</a></td>
<td></td></tr></tbody></table>
<table width="100%" border="1" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td align="center" width="100%" bgcolor="#ff0000"> </td>
<td width="0%" bgcolor="#cccccc"> </td></tr></tbody></table>
<table width="100%" border="0">
<tbody>
<tr>
<td>ICMP<a href="http://10.2.7.170/base/base_qry_main.php?new=1&layer4=ICMP&num_result_rows=-1&sort_order=time_d&submit=Query+DB" target="_blank"> (0%)</a></td>
<td></td></tr></tbody></table>
<table width="100%" border="1" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td align="center" width="0%" bgcolor="#cccccc"> </td></tr></tbody></table>
<center>
<hr width="70%" noshade>
</center>
<table width="100%" border="0">
<tbody>
<tr>
<td>Portscan Traffic <a href="http://10.2.7.170/base/base_qry_main.php?new=1&layer4=RawIP&num_result_rows=-1&sort_order=time_d&submit=Query+DB" target="_blank">(0%)</a> </td>
<td></td></tr></tbody></table>
<table width="100%" border="1" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td align="center" width="0%" bgcolor="#cccccc"> </td></tr></tbody></table></td></tr></tbody></table></div>
<div> </div>
<div>
<div> Basic Analysis and Security Engine (BASE) </div>
<div>
<table width="90%" border="0">
<tbody>
<tr>
<td><a href="http://10.2.7.170/base/base_main.php" target="_blank">Home</a>  |   <a href="http://10.2.7.170/base/base_qry_main.php?new=1" target="_blank">Search</a>  </td></tr></tbody></table></div>
<table width="100%">
<tbody>
<tr>
<td align="right">[ <font size="-0"><a href="http://10.2.7.170/base/base_main.php?back=1&" target="_blank">Back</a></font> ]</td></tr></tbody></table><br><font color="#ff0000"><br>/srv/www/htdocs/base/includes/base_cache.inc.php:556: ERROR: $number_sensors_array is NOT an array!<br>






</font><br><font color="#ff0000"><br>/srv/www/htdocs/base/includes/base_cache.inc.php:564: ERROR: $number_sensors_array is either NULL or empty!<br></font><br> <b>Queried on</b><font size="-0"> : Fri May 18, 2012 16:36:23</font> 
<table bgcolor="#000000" border="0" cellpadding="2" cellspacing="0">
<tbody>
<tr>
<td>
<table bgcolor="#dddddd" border="0" cellpadding="1" cellspacing="0">
<tbody>
<tr>
<td>
<table bgcolor="#ffffff" border="0" cellpadding="2" cellspacing="1">
<tbody>
<tr>
<td>Meta Criteria</td>
<td><i>   any </i>  </td></tr>
<tr>
<td>IP Criteria</td>
<td><i>   any </i>  </td></tr>
<tr>
<td>Layer 4 Criteria</td>
<td><i>   none </i></td></tr>
<tr>
<td>Payload Criteria</td>
<td><i>   any </i>  </td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table>
<p><b>No Alerts were found.</b> 
</p><p>
</p><form method="post" name="137611c4c2a68407_1376114d5990a0ab_137610e6b3a33f27_13760edad4419f90_13760d32a2c9962f_PacketForm" action="http://base_stat_ports.php" target="_blank" onsubmit="return window.confirm("You are submitting information to an external page.\nAre you sure?");">






<table width="100%" bgcolor="#000000" border="0" cellpadding="2" cellspacing="0">
<tbody>
<tr>
<td>
<table width="100%" bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td>   </td>
<td> <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=port_a" target="_blank"><</a> Port <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=port_d" target="_blank">></a> </td>







<td> <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sensor_a" target="_blank"><</a> Sensor <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sensor_d" target="_blank">></a> </td>







<td> <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=occur_a" target="_blank"><</a> Occurrences <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=occur_d" target="_blank">></a> </td>







<td> <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=alerts_a" target="_blank"><</a>  Unique Alerts <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=alerts_d" target="_blank">></a> </td>







<td> <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sip_a" target="_blank"><</a> Src. Addr. <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sip_d" target="_blank">></a> </td>







<td> <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=dip_a" target="_blank"><</a> Dest. Addr. <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=dip_d" target="_blank">></a> </td>







<td> <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=first_a" target="_blank"><</a> First <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=first_d" target="_blank">></a> </td>







<td> <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=last_a" target="_blank"><</a> Last <a href="http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=last_d" target="_blank">></a> </td>






</tr><tr><td><input value="1" name="port_type" type="hidden"> </td></tr></tbody></table></td></tr></tbody></table>
<center>
<table border="1">
<tbody>
<tr>
<td align="center">ACTION<br><select name="action"> <option selected value=" ">{ action }</option><option value="ag_by_id">ADD to AG (by ID)</option><option value="ag_by_name">ADD to AG (by Name)</option><option value="add_new_ag">Create AG (by Name)</option><option value="del_alert">Delete alert(s)</option><option value="email_alert">Email alert(s) (full)</option><option value="email_alert2">Email alert(s) (summary)</option><option value="csv_alert">Email alert(s) (csv)</option><option value="archive_alert">Archive alert(s) (copy)</option><option value="archive_alert2">Archive alert(s) (move)</option></select> <input name="action_arg"> <input value="Selected" name="submit" type="submit"> <input value="ALL on Screen" name="submit" type="submit"> </td>






</tr></tbody></table></center><input name="caller" type="hidden"> <input name="num_result_rows" type="hidden"> <input value="0" name="current_view" type="hidden"> <input value="1" name="port_type" type="hidden"> <input value="1" name="proto" type="hidden"> <input name="sort_order" type="hidden"> </form>






<p></p><p></p></div>
<br></div></div>------------------------------------------------------------------------------<br>
Live Security Virtual Conference<br>
Exclusive live event will cover all the ways today's security and<br>
threat landscape has changed and how IT managers can respond. Discussions<br>
will include endpoint security, mobile security and the latest in malware<br>
threats. <a href="http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/" target="_blank">http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/</a><br>_______________________________________________<br>
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.sourceforge.net" target="_blank">Snort-users@lists.sourceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>
Snort-users list archive:<br>
<a href="http://www.geocrawler.com/redir-sf.php3?list=snort-users" target="_blank">http://www.geocrawler.com/redir-sf.php3?list=snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<span><font color="#888888"><br></font></span></blockquote></div><span><font color="#888888"><br>




<br clear="all"><br>-- <br>Rick Chisholm<br><a href="http://parallel42.ca" target="_blank">http://parallel42.ca</a><br>
<a href="http://appliedusers.ca" target="_blank">http://appliedusers.ca</a><br>=========================<br>"There is no faith which has never yet been broken, except that of a truly faithful dog." - Konrad Lorenz<br>






</font></span><br>------------------------------------------------------------------------------<br>
Live Security Virtual Conference<br>
Exclusive live event will cover all the ways today's security and<br>
threat landscape has changed and how IT managers can respond. Discussions<br>
will include endpoint security, mobile security and the latest in malware<br>
threats. <a href="http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/" target="_blank">http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/</a><br>_______________________________________________<br>
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.sourceforge.net" target="_blank">Snort-users@lists.sourceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>
Snort-users list archive:<br>
<a href="http://www.geocrawler.com/redir-sf.php3?list=snort-users" target="_blank">http://www.geocrawler.com/redir-sf.php3?list=snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<br></blockquote></div><br>
</div></blockquote><blockquote type="cite"><div><span>------------------------------------------------------------------------------</span><br><span>Live Security Virtual Conference</span><br><span>Exclusive live event will cover all the ways today's security and </span><br>



<span>threat landscape has changed and how IT managers can respond. Discussions </span><br><span>will include endpoint security, mobile security and the latest in malware </span><br><span>threats. <a href="http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/" target="_blank">http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/</a></span></div>



</blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Snort-users mailing list</span><br><span><a href="mailto:Snort-users@lists.sourceforge.net" target="_blank">Snort-users@lists.sourceforge.net</a></span><br>



<span>Go to this URL to change user options or unsubscribe:</span><br><span><a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users</a></span><br>


<span>Snort-users list archive:</span><br>
<span><a href="http://www.geocrawler.com/redir-sf.php3?list=snort-users" target="_blank">http://www.geocrawler.com/redir-sf.php3?list=snort-users</a></span><br><span></span><br><span>Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!</span></div>



</blockquote></div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br>Rick Chisholm<br><a href="http://parallel42.ca" target="_blank">http://parallel42.ca</a><br><a href="http://appliedusers.ca" target="_blank">http://appliedusers.ca</a><br>


=========================<br>"There is no faith which has never yet been broken, except that of a truly faithful dog." - Konrad Lorenz<br>
</div></div></blockquote></div><br>
</div></div><br>------------------------------------------------------------------------------<br>
Live Security Virtual Conference<br>
Exclusive live event will cover all the ways today's security and<br>
threat landscape has changed and how IT managers can respond. Discussions<br>
will include endpoint security, mobile security and the latest in malware<br>
threats. <a href="http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/" target="_blank">http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/</a><br>_______________________________________________<br>
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.sourceforge.net">Snort-users@...4626...ceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>
Snort-users list archive:<br>
<a href="http://www.geocrawler.com/redir-sf.php3?list=snort-users" target="_blank">http://www.geocrawler.com/redir-sf.php3?list=snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Doug Burks | <a href="http://securityonion.blogspot.com" target="_blank">http://securityonion.blogspot.com</a><br>
Don't miss SANS SEC503 Intrusion Detection In-Depth in <br>Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!<br><a href="http://augusta.issa.org/drupal/SANS-Augusta-2012" target="_blank">http://augusta.issa.org/drupal/SANS-Augusta-2012</a><br>

</div>