Re: SV: SV: [Secureideas-base-devel] Search form enhancement

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Thu, 2005-03-24 at 07:35, Christian Svensson wrote:
> Hola
>=20
> On your server do the following
>=20
> 1. from main page click search
> 2. add the ip criteria "218.145.226.85" (Src or Dst)
> 3. click Query DB
>=20
>  ID   < Signature >   < Timestamp >   < Source Address >   < Dest. Addres=
s >   < Layer 4 Proto > =20
>             #0-(3-23662)        [snort] BLEEDING-EDGE Policy SSH Successf=
ul user connection        2005-03-24 06:23:54        218.145.226.85:59662  =
      66.177.41.115:22        TCP    =20
>             #1-(3-23664)        [snort] BLEEDING-EDGE Potential SSH Scan =
       2005-03-24 06:24:15        218.145.226.85:33960        66.177.41.115=
:22        TCP    =20
>             #2-(3-23665)        [snort] BLEEDING-EDGE Potential SSH Scan =
       2005-03-24 06:24:54        218.145.226.85:35473        66.177.41.115=
:22        TCP   =20
>=20
> Now do
>=20
> 1. from main page click search
> 2. add the ip criteria "218.145.226.85" (Src or Dst)
> 3. Mark sort order signature=20
> 4. click Query DB
>=20
>  ID   < Signature >   < Timestamp >   < Source Address >   < Dest. Addres=
s >   < Layer 4 Proto > =20
>             #0-(3-23662)        [snort] BLEEDING-EDGE Policy SSH Successf=
ul user connection        2005-03-24 06:23:54        218.145.226.85:59662  =
      66.177.41.115:22        TCP    =20
>             #1-(3-23664)        [snort] BLEEDING-EDGE Potential SSH Scan =
       2005-03-24 06:24:15        218.145.226.85:33960        66.177.41.115=
:22        TCP    =20
>             #2-(3-23665)        [snort] BLEEDING-EDGE Potential SSH Scan =
       2005-03-24 06:24:54        218.145.226.85:35473        66.177.41.115=
:22        TCP    =20
>             #3-(3-23666)        [snort] BLEEDING-EDGE Policy SSH Successf=
ul user connection        2005-03-24 06:24:58        218.145.226.85:35473  =
      66.177.41.115:22        TCP    =20
>=20
> As u can see the result will be the same, if i have guessed correctly sho=
uld this sort order show the alerts in A-Z order witch i does not.
>=20
> So what do u mean by "The sig sort works as far as I can see" ?
>=20
> /Christian

Ok this makes sense now... I misunderstood since the original bug report
wasn't talking about sort order from a search but from a selection on
the main page.... so I tested the original report that I had discussed
with Harry way back when....

I am tearing apart the code now.... <g>

Kevin