Snort mailing list archives
Re: ACID v0.96b17 and postgres query problems
From: roman () danyliw com
Date: Tue, 13 Nov 2001 09:16:55 US/Eastern
Mark,

I tried to reproduce this problem with no success using the following configuration:

- PostgreSQL v7.1
- ACID v0.9.6b17-18
- Snort DB schema v104

I duplicated your actions by taking the following steps from the main page:

- clicked on TCP from the Traffic Profile graph
- clicked on Destination (or Source) address in the Summary Stats

However, no errors were produced in the Unique IP address listing.

Try turning on the sql trace log ($sql_trace_mode, $sql_trace_file) in acid_conf.php and send me the output.

Roman

---------- Forwarded message ----------
Date: Sun, 04 Nov 2001 22:36:26 -0800
From: Mark W. Davis <mwd () netvisage net>
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: [Snort-users] ACID v0.96b17 and postgres query problems

When selecting a SOURCE or DESTINATION address in the Unique Addresses section of the 'Summary Statistics' box this error occurs (it also occurs in many other places as well):

Syslog error:

postgres[2416]: [2] ERROR: For SELECT DISTINCT, ORDER BY expressions must appear in target list

Debug output:

Session Registered
History depth = 3
CRITERIA ERROR: unknown address type -- assuming Dst address
Checking for DB abstraction lib in '/apache/htdocs/adodb/adodb.inc.php'
sensor #1: event.cid = 2699, acid_event.cid = 2699
Added 0 alert(s) to the Alert cache

Valid Canned Query List
Array ( [most_frequent] => Array ( [0] => 15 [1] => Most Frequent IP addresses [2] => occur_d ) )

Query State
caller = ''
num_result_rows = '4'
sort_order = ''
current_view = '0'
action_arg = ''
action = ''

SELECT DISTINCT ip_dst, COUNT(acid_event.cid) as num_events, COUNT( DISTINCT acid_event.sid) as num_sensors, COUNT(DISTINCT signature ) as num_sig, COUNT( DISTINCT ip_dst ) as num_dip FROM acid_event WHERE acid_event.sid > 0 AND ip_proto= 6 GROUP BY ip_dst

URL: '/acid/acid_stat_uaddr.php' (referred by: 'http://xxx.domain.com/acid/acid_qry_main.php?new=1&layer4=TCP&num_result_rows=-1&sort_order=time_d&submit=Query+DB')
PARAMETERS: 'addr_type=1'
CLIENT: Mozilla/4.76 [en] (X11; U; Linux 2.2.18 i686)
SERVER: Apache/1.3.20 (Unix) mod_perl/1.26 mod_ssl/2.8.4
SERVER HW: Linux xxx.domain.com 2.2.19 #1 Fri Mar 9 12:09:12 PST 2001 i686 unknown
DATABASE TYPE: postgres
DB ABSTRACTION VERSION:
PHP VERSION: 4.0.6
PHP API: apache
SESSION ID: aceb4d279c0b08272e66f1

I am running snort 1.8.1-release logging to postgres 1.7mumble.

--
Mark W. Davis
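The PostgreSQL rule behind the syslog error quoted in the report, as an added example that is not part of either message and is not ACID's code. The table is a constructed subset of acid_event holding only the columns named in the debug output, the rows are constructed, and the ORDER BY expression is an assumption, since the query captured above carries no ORDER BY clause.

```sql
-- Constructed subset of acid_event: only columns named in the debug output.
CREATE TABLE acid_event (
    sid       INTEGER NOT NULL,
    cid       INTEGER NOT NULL,
    signature INTEGER,
    ip_dst    BIGINT,
    ip_proto  INTEGER
);

-- Constructed sample rows (TCP = protocol 6).
INSERT INTO acid_event VALUES (1, 2697, 10, 3232235777, 6);
INSERT INTO acid_event VALUES (1, 2698, 11, 3232235777, 6);
INSERT INTO acid_event VALUES (1, 2699, 10, 3232235778, 6);

-- Rejected: with SELECT DISTINCT, PostgreSQL only accepts ORDER BY
-- expressions that also appear in the select (target) list, and
-- COUNT(DISTINCT signature) is not one of the output columns here.
SELECT DISTINCT ip_dst, COUNT(cid) AS num_events
FROM acid_event
WHERE sid > 0 AND ip_proto = 6
GROUP BY ip_dst
ORDER BY COUNT(DISTINCT signature) DESC;

-- Accepted: the sort expression is now an output column.
SELECT DISTINCT ip_dst,
       COUNT(cid)                AS num_events,
       COUNT(DISTINCT signature) AS num_sig
FROM acid_event
WHERE sid > 0 AND ip_proto = 6
GROUP BY ip_dst
ORDER BY num_sig DESC;

-- Also accepted: GROUP BY ip_dst already returns one row per address,
-- so DISTINCT can be dropped and the restriction no longer applies.
SELECT ip_dst, COUNT(cid) AS num_events
FROM acid_event
WHERE sid > 0 AND ip_proto = 6
GROUP BY ip_dst
ORDER BY COUNT(DISTINCT signature) DESC;
```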