Snort mailing list archives
Re: Acid graphs broken?
From: <bthaler () webstream net>
Date: Wed, 24 Oct 2001 16:39:53 -0400
Actually I deleted the AG and data so it is gone. But I have created a new one just to test this.
Now we're trying to graph for today 24 OCT 2001.
I am not able to produce any graphs in Acid (the gd test graphs are fine, so I know my gd works).
I can confirm that the AG contains 355 alerts for 24 OCT 2001.
Here is the output of debug (it's quite long):
<--- BEGIN DEBUG OUTPUT --->
Chart criteria
Array
(
[0] => LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid)
[1] => ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >= UNIX_TIMESTAMP('2001-10-24 000000')
AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24 230000') )
)
chart_type = 1
data_source = 2
year_start year_end month_start month_end day_start day_end hour_start hour_end
2001 2001 10 10 24 24 0 23
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 0
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 1
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 2
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 3
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 4
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 5
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 6
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 7
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 8
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 9
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 10
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 11
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 12
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 13
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 14
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 15
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 16
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 17
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 18
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 19
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 20
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 21
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 22
SELECT count(*) FROM acid_event LEFT JOIN acid_ag_alert ON (acid_event.sid=acid_ag_alert.ag_sid AND
acid_event.cid=acid_ag_alert.ag_cid) WHERE ag_id = 2 AND ( UNIX_TIMESTAMP(timestamp) >=
UNIX_TIMESTAMP('2001-10-24 000000') AND UNIX_TIMESTAMP(timestamp) <= UNIX_TIMESTAMP('2001-10-24
230000') ) AND YEAR(timestamp) = 2001 AND MONTH(timestamp) = 10 AND DAYOFMONTH(timestamp) = 24 AND
HOUR(timestamp) = 23
chart_type = 1
data_source = 2
Handling Period if necessary ...
Dumping data ... (writing only every 1)
0 -- 0 - 0
1 -- 1 - 0
2 -- 2 - 0
3 -- 3 - 0
4 -- 4 - 0
5 -- 5 - 0
6 -- 6 - 0
7 -- 7 - 0
8 -- 8 - 0
9 -- 9 - 0
10 -- 10 - 0
11 -- 11 - 0
12 -- 12 - 0
13 -- 13 - 0
14 -- 14 - 0
15 -- 15 - 0
16 -- 16 - 355
17 -- 17 - 0
18 -- 18 - 0
19 -- 19 - 0
20 -- 20 - 0
21 -- 21 - 0
22 -- 22 - 0
23 -- 23 - 0
<--- END DEBUG OUTPUT --->
Thanks for your help,
Brad T.
----- Original Message -----
From: <roman () danyliw com>
To: <bthaler () webstream net>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, October 24, 2001 12:29 PM
Subject: Re: [Snort-users] Acid graphs broken?
- Are you able to produce any graphs?
- Can you confirm that there exists data for the 10/23/2001 in this alert group?
- If so, enable $debug_mode=1 in acid_conf.php and send me the output.
Roman
On Tue, 23 Oct 2001 bthaler () webstream net wrote:
> I didn't see this in the Acid FAQ, so forgive me if it's been covered before.
> I'm using Snort-1.8 MySQL on WinNT4 SP6. ACID v0.9.6b16 with PHP 4.0.6
> I have added some alerts to a newly created AG and I'm trying to graph the contents of the AG.
> I go to the acid_graph_main.php page and use the following params:
> Chart Type: Time (hour) vs. Number of Alerts
> Chart Period: 24 (whole day)
> Graph Type: Line (I tried all)
> Chart Begin: 0 23 OCT 2001
> Chart End: 23 23 OCT 2001
> Data Source: (My AG)
> This is the output I get:
> No array of data in $data_values
> Please Help,
> Brad T
> ---------------------------------------------
> This message was sent using Voicenet WebMail.
> http://www.voicenet.com/webmail/
