Snort mailing list archives

Re: inconsistency in acid-0.9.6b10?

From: roman () danyliw com
Date: Tue, 22 May 2001 18:15:01 US/Eastern

I believe this issue has been fixed with the latest commit to CVS.

NOTE: Significant changes have been made to the code
related to alert actions (e.g. delete, email, add to AG).  Regression
testing may be required to validate previous functionality.

[snip from CHANGELOG]

+ configuration parameter (max_script_runtime) to set max_execution_time
   PHP variable for time consuming operations
+ fixed bug with shared state incorrectly being carried over from 
   acid_stat_ipaddr links back to query results (reported: 
   <dmuz () angrypacket com>, Andreas Hasenack <andreas () netbank com br>)
+ re-organized and consolidated all code related to alert actions

I'm looking up an IP address and the table I get says:

Num of sensors        Occurrances as src      As dest.        First                                   Last
2                                8                              0         2001-05-08 16:27:16         2001-05-20 
18:22:06 


So far, so good. But when I click on that "8" number to see these occurances,
the timestamp doesn't match. I don't get an event with that "first" date
nor with that "last" date, but only events in between.
In fact, that "last" date is the date of the most recent event in my database,
and it has nothing to do with that IP I'm looking up. It doesn't matter what IP I
lookup, I always get as "Last occurance" the most recent event on my database.



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

inconsistency in acid-0.9.6b10? Andreas Hasenack (May 20)
- <Possible follow-ups>
- Re: inconsistency in acid-0.9.6b10? roman (May 22)
  - Re: inconsistency in acid-0.9.6b10? Andreas Hasenack (May 23)
- Re: inconsistency in acid-0.9.6b10? roman (May 24)
- Re: inconsistency in acid-0.9.6b10? roman (May 24)
- Re: inconsistency in acid-0.9.6b10? Andreas Hasenack (May 24)