Snort mailing list archives
Re: ACID errors
From: roman () danyliw com
Date: Thu, 27 Sep 2001 00:03:31 US/Eastern
In addition to a migration to DB schema v104, some updates have been committed to CVS. Please give them a try. Roman On Tue, 25 Sep 2001 pbsarnac () ThoughtWorks com wrote:
I'm getting the following error in ACID whenever I pull up any Unique Alerts or Most Recent Alerts or Frequent Alerts lists: Database ERROR:You have an error in your SQL syntax near '' at line 1 By poking around in mysql, I've traced it to one of two signatures that we started seeing alerts on this morning. Whenever I do a search in ACID for readme.eml, I get the error, although searches for other signatures (such as "roughly ICMP") are fine. I'm not at all a SQL or php guy, so I'm stumped. Where do I troubleshoot from here? Snort Version 1.8.1-RELEASE (Build 74) ACID v0.9.6b1 These are the signatures (from the snort.sourcefire.com ruleset): web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml autoload attempt"; flags:A+; content:"window.open (\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; rev:3; reference:url,www.cert.org/advisories/CA-2001-26.html;) web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml attempt"; flags:A+; uricontent:"readme.eml"; nocase; classtype:attempted-user; sid:1284; rev:3; reference:url,www.cert.org/advisories/CA-2001-26.html;) Any help is greatly appreciated! Thanks, pat s.
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: acid errors, (continued)
- RE: acid errors roman (Aug 27)
- ACID errors pbsarnac (Sep 25)
- RE: ACID errors Karen Marino (Sep 25)
- RE: ACID errors Steve Halligan (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- Re: ACID errors frank . bussink (Sep 26)
- Re: ACID errors Mark Rowlands (Sep 26)
- Re: ACID errors pbsarnac (Sep 26)
- Re: ACID errors roman (Sep 26)