In version 5.202 if one goes to Query the local IDS logs, if one leaves the query field blank, what SHOULD come up is all logs from the time frame specified. This does not occur.
What does come up is frequently nothing at all.
If one checks the emailed alerts and searches for KNOWN CONTENT in the logs for instance the snort ID of an IDS alert that was generated, the query functions properly.
A work around is to search on the correctly formatted date and/or time subset of all snort alerts:
For instance, searching on 2005:05:12-13 should bring up all alerts generated between 1pm and 2pm today.
Searching for "all" [blank search field] brings up nothing.
Can I get a verification on this please?
This thread was automatically locked due to age.
