Snort mailing list archives
RE: ACID Reports via Command Line
From: Steve Halligan <giermo () geeksquad com>
Date: Thu, 12 Sep 2002 09:58:19 -0500
Is it possible to generate ACID reports via the command line instead of through the GUI? It would be nice to run the reports in a cron job. Thanks, Paul
Yes. Here is an email I sent to the list awhile back on this very topic. Attached is a sample script that updates the event cache using this method.

--------------begin excerpted email-------------------------

A while ago, someone asked if there was a way to script the update of the ACID event cache table, in order to avoid long page loads on busy networks or if ACID hadn't been accessed in a long time. I suggested leaving a browser window open, and using its auto_refresh to keep the cache updated. I am here today to say I have seen the light and there is an easier way!

If you have php compiled as a CGI, you can use it just like you would use a perl or shell script. By the way, if you are using PHP as an apache module, you can also compile it as a cgi and use it both ways. You can then simply use cron to schedule it. This could also be done to automate email sending on alert, archiving, etc.

The attached script updates the alert cache. Please excuse the bit of html it spits out; I call the update_alert function in acid, which outputs in html. Run it like this:

    /path/to/acid/acid_event_update.php

The -q flag in the script suppresses php's generator headers. Make sure to change the first line in the script to reflect where you have the php binary installed.
Attachment: acid_event_update.php
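One way to schedule the update described in the message above, as an added example that is not part of the original post and is not the attached acid_event_update.php: a cron wrapper that prevents overlapping runs, keeps the script's exit status, and reduces the HTML output to plain log lines. The lock directory, wrapper path, log path and the `--cron` argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: cron wrapper around the ACID cache update script.
# All paths below are assumptions; set them for your installation.
ACID_SCRIPT="${ACID_SCRIPT:-/path/to/acid/acid_event_update.php}"
LOCK_DIR="${LOCK_DIR:-/var/lock/acid_event_update.lock}"

# Reduce the HTML the update prints to plain text lines suitable for a log.
strip_html() {
    sed -e 's/<[^>]*>//g' -e 's/&nbsp;/ /g' \
        -e 's/^[[:space:]]*//' -e '/^$/d'
}

# Run one update. mkdir is atomic, so if a previous run is still working
# through a large backlog, this invocation skips instead of piling up.
# A lock left behind by a killed run has to be removed by hand.
run_update() {
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "acid update: previous run still holds $LOCK_DIR, skipping" >&2
        return 75
    fi
    # Capture output and exit status separately; a pipeline would hide
    # the script's own status behind sed's.
    out=$("$ACID_SCRIPT" 2>&1) && status=0 || status=$?
    rmdir "$LOCK_DIR"
    printf '%s\n' "$out" | strip_html
    return "$status"
}

# Hypothetical crontab entry, run as an unprivileged account that can
# read the ACID configuration:
#   */10 * * * * /usr/local/bin/acid_cache_cron.sh --cron >> /var/log/acid_cache.log 2>&1
if [ "${1:-}" = "--cron" ]; then
    run_update
    exit $?
fi
```

Keeping the PHP script and this wrapper outside the web server's document root means the cache update can only be triggered from cron, not by a remote HTTP request.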
Current thread:
- ACID Reports via Command Line Bradley, Paul (Sep 12)
- <Possible follow-ups>
- RE: ACID Reports via Command Line Tom Sevy (Sep 12)
- RE: ACID Reports via Command Line Steve Halligan (Sep 12)