Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [snort-users] ACID Error -- no snort.signature table

From: roman () danyliw com
Date: Tue, 8 May 2001 10:01:23 US/Eastern
Jeff,

The issue related to the "no snort.signature table" has been fixed.
These are the diffs which will patch the version 0.9.6b8 code.
Alternatively, you could download version 0.9.6b9 which also
includes this fix.

file: acid_stat_common.php
================================
159,160d158
<   $schema_version = db_schema_version($db);
< 
162c160
<   if ( ($DBtype == "postgres") && ( $schema_version == 100 ) )
---

  if ( ($DBtype == "postgres") && (db_schema_version($db) == 100) )

166c164
<   else if ( $schema_version >= 100 )
---

  else

170,174d167
<   else
<       $result = $db->acidExecute("SELECT count(event.sid) FROM event ".
<                                  "WHERE signature LIKE 'spp_portscan%'");
< 
< 
============================


- I don't get a graph of "Traffic Profile by Protocol" which I guess means that
PHPlot is not properly installed.  It was super unclear how to install PHPlot
from either the PHPlot web site or the ACID docs.  Any hints.


The "Traffic Profile by Protocol" graph is not generated by PHPlot.  
The missing graph is a result of the earlier error (no signature 
table).  PHPlot is used for the"Graphing alert data" functionality; 
 NOTE: it is currently highly experimental


- If ACID works better with Snort 1.8, how can I get the beta code off of
sourceforge.  I tried the snort-daily.tar.gz link from an earlier thread, but
it didn't work.


The short answer is yes.  A number of schema changes were 
introduces in Snort 1.8 which will make ACID faster.  However,
all functionality should still exist even if you continue to use
Snort 1.7.

cheers,
Roman


---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: