Snort mailing list archives
RE: Email using mysql
From: Steve Halligan <agent33 () geeksquad com>
Date: Mon, 7 May 2001 13:11:57 -0500
This was fixed. If you want to implement the database abstraction stuff, go to www.andrew.cmu.edu/`rdanyliw/snort/snortacid.html and grab the lastest acid release. If you want to keep essentially the same acid you are using now download the 0.9.6b1 release, it fixes this bug. -steve -----Original Message----- From: Michael Aylor [mailto:maylor () swbanktx com] Sent: Monday, May 07, 2001 12:19 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Email using mysql Hello, I'm having a problem with ACID sending an email of selected alerts. The order of events I do to generate the error are as follows. 1. Launch web browser (IE 5.01) and pull up the acid_main.php page (hosted on Apache server version 1.3.19-5). 2. Pull up a set of alerts I'm interested. At the bottom of the page, I use the drop down box to select "Email Alerts(s)" and in the corresponding field, I type the email address I want to send it to. 3. The webpage is refreshed, but with error messages. Warning: 1 is not a valid MySQL-Link resource in /home/httpd/html/acid/acid_pkt_sqlcalls.php on line 83 Warning: Supplied argument is not a valid MySQL result resource in /home/httpd/html/acid/acid_pkt_sqlcalls.php on line 129 Warning: 1 is not a valid MySQL-Link resource in /home/httpd/html/acid/acid_pkt_main.php on line 507 However, I do get an email message sitting in my inbox, but it has no query data on it. All it says is Bottom of Form 0 ACID v0.9.5 ( by Roman Danyliw <mailto:roman () danyliw com> as part of the AirCERT <http://www.cert.org/kb/aircert/> project ) I set acid to debug mode=1 in the acid_conf.php page and it spit out a whole bunch of stuff, the most interesting to me was the actual sql query it ran against the snort database. I'll include that here. SQL: SELECT event.sid, event.cid, signature, timestamp, ip_src0, ip_src1, ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM event LEFT JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE event.cid > 0 AND signature='BIND Shell' Just as a part of troubleshooting, I went ahead and used a mysql client to enter that query in and it returned the expected data with no errors, so I know the query is good. I'm using MySQL version 3.23.36-1. Not sure what the problem is, but maybe someone can help me. Mike Aylor maylor () swbanktx com CONFIDENTIALITY NOTICE: ************************************************************************ The information contained in this ELECTRONIC MAIL transmission is confidential. It may also be privileged work product or proprietary information. This information is intended for the exclusive use of the addressee(s). If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution [other than to the addressee(s)], copying or taking of any action because of this information is strictly prohibited. ************************************************************************ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Email using mysql Michael Aylor (May 07)
- <Possible follow-ups>
- Re: Email using mysql roman (May 07)
- RE: Email using mysql Steve Halligan (May 07)
- RE: Email using mysql Steve Halligan (May 07)