Snort mailing list archives
RE: Acid Issues with snort
From: "Pacheco, Michael F." <MPacheco () elcom com>
Date: Fri, 6 Sep 2002 14:05:07 -0400
Hi,

In the same boat, but I found a work around that lets me archive all the records I want. I dropped my archive db's, did a mysqlexport of the production db's (all of them), manually created archive db, did a mysqlimport of the prod db's. I then connected with ACID to the archive instance and deleted all the alerts. Fixed acid_conf.php to point to the prod db and to the archive db per standard install instructions and now I can archive and use the ACID search engine to find whatever I want.

Hope that helps.

Mike Pacheco

P.S. - Anybody have a wag as to when 0.9.6b22 is due out?

-----Original Message-----
From: Cloppert, Michael [mailto:Michael.Cloppert () 53 com]
Sent: Friday, September 06, 2002 1:40 PM
To: 'Slighter, Tim'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Acid Issues with snort

I've seen this graphing behavior and have been bitching about it constantly for months, but I've seen very little feedback - and no real resolutions - on this or the snort-devel list. At this point, I suspect the developers know of the problem and don't know how to fix it, given the severe lack of responses and documentation.

By the way, how did you fix the duplicate events/alerts problem? I have ACID 0.9.6b21 as well and see the problem daily. I have literally hundreds of events that can't be archived because they're "duplicate", but looking in the database there are no duplicates, but there are other events that somehow got the same sid:cid. This is another thing I've been pleading with ANYONE to give me feedback on and, as always, have received none.

mike

-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Thursday, September 05, 2002 3:05 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Acid Issues with snort

I have installed the latest releases of everything:

PHP 4.30
ACID 0.9.6b21
Apache 2.0.40
mySQL 4.0.3
Adodb 231
GD 1.8.4
Phplot 4.4.6

on a new system and have documented and witnessed the following anomalies:

While the archiving feature now works, even with duplicate events/alerts, now the AG Maintenance has some issues. When a new AG is created, only the ID shows up and no name. Attempting to edit the AG or delete it and create a new one, does not fix this problem. The name and description do NOT show up.

The other issue is the graph tool. This did work in the previous release for ACID prior to ACID 0.9.6b20 but now the graphs do not render and present broken graphics. Guessing it has something to do with extracting the data from an AG, which are not functioning correctly.

Anyone seen this or know of a "known" workaround?

Thanks