Snort mailing list archives
RE: ACID tables populated, charts seem OK, but some query results empty
From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Thu, 30 Mar 2006 10:23:01 -0500
Why not use BASE? ACID is a dead product. BASE is an improved and maintained fork from ACID.

http://secureideas.sourceforge.net/

Bruce

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of subs
Sent: Thursday, March 30, 2006 8:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID tables populated, charts seem OK, but some query results empty

Snort and ACID up for 12 hours, now - my acid_main.php shows:

Sensors: 1
Unique Alerts: 7 ( 5 categories )
Total Number of Alerts: 233

* Source IP addresses: 41
* Dest. IP addresses: 14
* Unique IP links 75
* Source Ports: 38
  o TCP ( 2) UDP ( 36)
* Dest. Ports: 3
  o TCP ( 1) UDP ( 2)

... with appropriate histograms for Traffic Profile by Protocol. I can successfully chart Time vs. number of Alerts, and I see data in the acid tables.

PROBLEM: Some standard queries from acid_main.php give me empty results

Sensors                          OK
Unique alerts                    empty
Categories                       OK
Total Number of Alerts           empty
Source IP addresses              OK
Dest. IP addresses               OK
Unique IP links                  OK
All source/dest ports queries    OK

Snapshot queries:

Most recent Alerts (all)                 empty (gives count of 15, for all)
Today's: alerts unique, listing          empty (with counts)
Today's: alerts unique, src, dts         OK
Etc...

It appears that results are only shown where IPs are looked up - what could be the problem?

Sorry if this is a FAQ (I have searched). Any help appreciated.

S
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ACID tables populated, charts seem OK, but some query results empty subs (Mar 30)
- <Possible follow-ups>
- RE: ACID tables populated, charts seem OK, but some query results empty Briggs, Bruce (Mar 30)