Snort and ACID up for 12 hours, now - my acid_main.php shows:
Sensors: 1
Unique Alerts: 7 ( 5 categories )
Total Number of Alerts: 233
* Source IP addresses: 41
* Dest. IP addresses: 14
* Unique IP links 75
* Source Ports: 38
o TCP ( 2) UDP ( 36)
* Dest. Ports: 3
o TCP ( 1) UDP ( 2)
... with appropriate histograms for Traffic Profile by Protocol.
I can successfully chart Time vs. number of Alerts, and I see data in the
acid tables.
PROBLEM: Some standard queries from acid_main.php give me empty results
Sensors OK
Unique alerts empty
Categories OK
Total Number of Alerts empty
Source IP addresses OK
Dest. IP addresses OK
Unique IP links OK
All source/dest ports queries OK
Snapshot queries:
Most recent Alerts (all) empty (gives count of 15, for all)
Today's: alerts unique, listing empty (with counts)
Today's: alerts unique, src, dts OK
Etc...
It appears that results are only shown where IPs are looked up - what could
be the problem?
Sorry if this is a FAQ (I have searched).
Any help appreciated.
S
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
