Chapter 6 Using ACID and SnortSnarf with Snort
6.3.6 Generating Graphs
Generating graphs is still experimental in ACID at the time of writing this book. I
have included it for the sake of introducing this interesting feature. You can go to the
ACID main page where a link is provided to generate graphs. When generating graphs,
you can select data and type of graph. For example, you can generate a line or bar graph
for alerts in the last five days. Figure 6-12 shows a sample bar graph for the alert data.
ACID uses the PHPLOT package on the back end to generate these graphs.
You can also use another package, JPGRAPH, in place of PHPLOT. JPGRAPH has a
different licensing scheme and there may be some restrictions on using it in a
commercial environment.
NOTE
The functionality described in this section is just an overview of ACID
capabilities. In addition to the tasks presented here, you can also use ACID to
archive data, delete data from the database and so on.
6.3.7 Archiving Snort Data
You have created a new database called snort_archive in the previous
sections to archive the data from the main Snort database. Using ACID, you can either
move alerts from the main database to the archive database or just copy them. For
example, if you want to move all alerts from the main database to the archive database,
click the number next to Total Number of Alerts on the main ACID page. The next
page displays all of the alerts in the database. If the number of alerts is more than 50,
then only the first 50 alerts are displayed. Now you can use the bottom part of the
screen to archive the alerts as shown in Figure 6-13. Note that only the bottom part of
the browser window is shown in this figure.
If you click the Entire Query button in Figure 6-13, all alerts will be moved to
the archive database. The result of this action is shown in Figure 6-14.