From: Richard Pesce (RPesceco.amador.ca.us)
Date: Tue Jan 13 2004 - 12:47:01 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ACID v0.9.6b24 and snort 2.06 on red-hat 9 and NO patches :)

spp_ portscan(2) was showing up in acid, however not within the
acid_stat_common.php page. they were lumped under the TCP and UDP bar's
and stats. In order for "fix" this I made these changes:

file:acid_common.php
search for: (rawurlencode("spp_portscan")).
replace with: (rawurlencode("%_portscan%")).

file: acid_stat_common.php
search for: "WHERE sig_name LIKE '%spp_portscan%'");
replace with: "WHERE sig_name LIKE '%_portscan%'");
search for: "WHERE signature LIKE 'spp_portscan%'");
replace with: "WHERE signature LIKE '%_portscan%'");

For some reason the spp_portscan(2) was showing up as spp\_portscan(2)
and thus breaking the acid portscan functionality.

I hope this helps with all those notorious "Acid not displaying
portscans" help requests.

rpesceco.amador.ca.us

-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]