ACID: Configuration Parameter Description
Parameter | Version | Default Value | Description |
alert_dbname | 0.9.1 | snort_log | Alert database name |
alert_host | 0.9.1 | localhost | Host on which the alert database is stored |
alert_port | 0.9.1 | | Port on which to access the alert database (default port: 3306/tcp) |
alert_user | 0.9.1 | root | Username to access the alert database |
alert_password | 0.9.1 | mypassword | Password of the username |
archive_dbname | 0.9.6 | snort_archive | Archive database name |
archive_host | 0.9.6 | localhost | Host on which the archive database is stored |
archive_port | 0.9.6 | | Port on which to access the archive database (default port: 3306/tcp) |
archive_user | 0.9.6 | root | Username to access the archive database |
archive_password | 0.9.6 | mypassword | Password of the username to the archive database |
DBlib_path | 0.9.6 | | Full path to the DB abstraction (ADODB) library install |
DBtype | 0.9.6 | mysql | Type of database used ("mysql", "postgres") |
db_connect_method | 0.9.6 | 1 | Type of DB connection to use. 1 : use a persistent connection (pconnect) |
use_referential_integrity | 0.9.6 | 0 | Assume the presence of referential integrity. Note: Only PostgreSQL and MS-SQL Server databases support referential integrity. Use the associated create_acid_tbls_?_extra.sql script to add this functionality to the database. |
Parameter | Version | Default Value | Description |
ChartLib_path | 0.9.6 | | Full path to the PHPlot graphing library |
chart_file_format | 0.9.6 | png | File format of charts ('png', 'jpeg', 'gif') |
chart_bg_color_default | 0.9.6 | (255,255,255) | background color of chart |
chart_lgrid_color_default | 0.9.6 | (205,205,205) | gridline color of chart |
chart_bar_color_default | 0.9.6 | (190,5,5) | bar/line color of chart |
Parameter | Version | Default Value | Description |
MAX_ROWS | 0.9.3 | 10 | Maximum instances of a criteria element in the search interface (e.g. IP address, TCP ports) |
show_rows | 0.9.3 | 50 | Number of rows to display per screen for the query result |
last_num_alerts | 0.9.3 | 15 | Number of alerts to return during the "Last XX Alerts" snapshot |
last_num_ualerts | 0.9.5 | 15 | Number of unique alerts to return during the "Most recent XX Unique Alerts" snapshot |
last_num_uports | 0.9.6 | 15 | Number of ports to return during the "Most recent XX Ports" snapshot |
last_num_uaddr | 0.9.6 | 15 | Number of IP addresses to return during the "Most recent XX IP" snapshot |
freq_num_alerts | 0.9.5 | 5 | Number of unique alerts to return during the "Most frequent XX Alerts" snapshot |
freq_num_uaddr | 0.9.6 | 15 | Number of IP addresses to return during the "Most frequent XX IP addresses" snapshot |
freq_num_uports | 0.9.6 | 15 | Number of ports to return during the "Most frequent XX ports" snapshot |
max_scroll_buttons | 0.9.3 | 12 | Number of scroll buttons to use when browsing through any query results |
Parameter | Version | Default Value | Description |
refresh_stat_page | 0.9.4 | 1 | Should the statistics pages (Main Page, Last n Alerts) refresh? 0 : no refresh; 1 : refresh based on the "stat_page_refresh_time" interval |
stat_page_refresh_time | 0.9.4 | 180 | Interval (in seconds) at which to refresh the statistics pages |
show_previous_alert | 0.9.6 | 0 | Display [First/Previous/Last] timestamp for alerts or just [First/Last] on the unique alert listing. 1 : yes; 0 : no |
ip_address_input | 0.9.5 | 2 | How should the IP address criteria be entered in the Search screen? 1 : each octet is a separate field |
resolve_IP | 0.9.6 | 1 | Defines whether an IP address should be resolved into a FQDN in certain operations. 1 : yes |
max_script_runtime | 0.9.6 | 180 | Sets maximum execution time (in seconds) of any particular page. Note: this overrides the PHP configuration file variable max_execution_time. Thus a script can run for a total of ($max_script_runtime + max_execution_time) seconds |
event_cache_auto_update | 0.9.6 | 1 | Should the event cache be verified and updated on every page load? Otherwise, the cache will have to be explicitly updated from the 'cache and status' page. Note: enabling this option could substantially slow down the page loading time when there are many uncached alerts. However, this is only a one-time penalty. 1 : yes; 0 : no |
maintain_history | 0.9.6 | 1 | Maintain history of which pages were previously visited in order to support the "back" button functionality. Note: enabling this option will cause the PHP session to grow substantially after many pages have been viewed, causing a slowdown in page loading time. Periodically return to the main page to clear the history. 1 : yes; 0 : no |
use_sig_list | 0.9.6 | 0 | Should a combo box with possible signatures be displayed on the search form? (Requires JavaScript) 0 : disabled; 1 : show only non pre-processor signatures (e.g., ignore portscans); 2 : show all signatures |
Parameter | Version | Default Value | Description |
debug_mode | 0.9.1 | 0 | Debug mode - How much debugging information should be displayed? 0 : no extra information |
debug_time_mode | 0.9.6 | 0 | Debug Timing mode - Should page loading time be displayed? 0 : no timing information |
sql_trace_mode | 0.9.6 | 0 | SQL Trace mode - Should SQL commands be logged? 0 : no logging |
sql_trace_file | 0.9.6 | | Trace file to write the SQL log |
html_no_cache | 0.9.6 | 0 | whether a no-cache directive should be sent to the browser (should be = 1 for IE) |
Parameter | Version | Default Value | Description |
action_email_from | 0.9.6 | ACID Alert <acid> | email address to use in the FROM field of the mail message |
action_email_subject | 0.9.6 | ACID Incident Report | subject to use for the mail message |
action_email_msg | 0.9.6 | | additional text to include in the body of the message |
action_email_mode | 0.9.6 | 1 | specifies how the alert information should be enclosed. 1 : alerts should be in the body of the message; 0 : alerts should be enclosed as an attachment |
Parameter | Version | Default Value | Description |
external_whois_link | 0.9.6 | | URL to external whois server |
external_dns_link | 0.9.6 | | URL to external DNS server |
external_all_link | 0.9.6 | | URL to a website with various network tools |
external_port_link | 0.9.6 | | URL to a ports database |
external_sig_link | 0.9.6 | | URL to the signature reference systems |
Parameter | Version | Default Value | Description |
dns_cache_lifetime | 0.9.6 | 20160 | Lifetime (in minutes) of any cached DNS information |
whois_cache_lifetime | 0.9.6 | 40320 | Lifetime (in minutes) of any cached whois information |
portscan_file | 0.9.6 | | Snort portscan pre-processor generated log file used to correlate portscan events |
main_page_detail | 0.9.6 | 1 | Level of detail to display on the main page. Note: The presence of summary statistics will slow page loading time. 1 : show both the links and summary statistics; 0 : show only the links and a count of the number of alerts |
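
The Python script below is an added example, not part of ACID or its documentation. It audits a configuration file for database credentials left at the defaults listed above and for diagnostic switches that are turned on. It assumes each parameter is set by a one-line PHP assignment such as `$alert_user = "root";`; the names `parse_conf` and `audit` are hypothetical and the sample configuration is constructed.

```python
import re

# Defaults documented in the table above that should not survive into a deployment.
DOCUMENTED_DEFAULT_CREDS = {
    "alert_user": "root", "alert_password": "mypassword",
    "archive_user": "root", "archive_password": "mypassword",
}
# Diagnostic switches from the table; the documented default for each is 0.
DIAGNOSTIC_FLAGS = ("debug_mode", "debug_time_mode", "sql_trace_mode")

# Assumed syntax: one PHP assignment per line, e.g.  $alert_user = "root";
# Commented-out lines (//, #, *) do not start with "$" and are skipped.
ASSIGN = re.compile(r'^\s*\$(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^;\s]+))\s*;')

def parse_conf(text):
    """Return {parameter: value} for simple scalar assignments; later lines win."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            name, dq, sq, bare = m.groups()
            settings[name] = next(v for v in (dq, sq, bare) if v is not None)
    return settings

def audit(settings):
    """Return a sorted list of (parameter, finding) tuples."""
    findings = []
    for name, default in DOCUMENTED_DEFAULT_CREDS.items():
        value = settings.get(name)
        if value == default:
            findings.append((name, "still set to the documented default"))
        elif name.endswith("_password") and value == "":
            findings.append((name, "empty password"))
    for name in DIAGNOSTIC_FLAGS:
        if settings.get(name, "0") != "0":
            findings.append((name, "diagnostic output enabled"))
    return sorted(findings)

# Constructed sample configuration (not taken from a real deployment).
SAMPLE = '''
$alert_dbname = "snort_log";
$alert_user = "root";
$alert_password = "mypassword";
$archive_user = "acid_ro";
$archive_password = 'S3parate-Secret';
$debug_mode = 1;
$sql_trace_mode = 0;
'''

if __name__ == "__main__":
    for name, finding in audit(parse_conf(SAMPLE)):
        print(f"{name}: {finding}")
```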