Snort mailing list archives
Re: ACID: Outer Join Not Supported
From: rdanyliw () voicenet com
Date: Wed, 23 May 2001 11:49:53 US/Eastern
Kevin, You are exactly correct. PostgreSQL < 7.1 doesn't support quite a few SQL operations. One of which is the lack of support for OUTER JOINS. This functionality (among others) is quite crucial, hence the requirement for PostgreSQL v7.1+ [snip from ACID README] - MySQL 3.23+ or PostgreSQL 7.1+ as the database used by Snort to store the alert information. [end snip] In reference to incorrect alerts being displayed from the "graph alert detection time" page, I believe this issue has been fixed. Please let me know otherwise (and send the calling page and the incorrect result page with $debug_mode=1 based on the CVS code) Thanks, Roman
This error shows up on the main page (acid_main.php) when I try to access the Postgres (7.0.3) snort database with the latest version of Acid that I checked out of CVS (0.9.6b10). I was trying the new version because the previous version I had (0.9.6b8) was flaking on me. With 0.9.6b8 I would graph the alerts by number per hour and it would come back with the display, but when I would click on a specific hour (e.g. 10:00-10:59) to see the actual alerts it would come back saying that it found 0 alerts even if the graph said 800 alerts for that hour. The problem is, v0.9.6b10 seems to be using something that Postgres 7.0.3 doesn't know how to do, so instead of seeing the graphs for Traffic by protocol I see the table and at the bottom I see: Database ERROR:ERROR: OUTER JOIN is not yet supported Begin Geek Code; $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c ^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_% 16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$ h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^ $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^ (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ACID: Outer Join Not Supported Kevin Brown (May 23)
- <Possible follow-ups>
- Re: ACID: Outer Join Not Supported rdanyliw (May 23)
- RE: ACID: Outer Join Not Supported Kevin Brown (May 23)
- RE: ACID: Outer Join Not Supported Mayers, Philip J (May 24)
- RE: ACID: Outer Join Not Supported Kelly Fallon (May 24)
- RE: ACID: Outer Join Not Supported Kevin Brown (May 24)
- RE: ACID: Outer Join Not Supported Kelly Fallon (May 24)