Snort mailing list archives
ACID/snort/MySQL
From: cc <cc () belfordhk com>
Date: Sat, 16 Aug 2003 11:16:30 +0800
Hi, I'm using ACID 0.96b23, PHP5.0 and MySQL 4. Say I select "Most frequent 5 Alerts" and then check the first alert and then at the bottom, I select "Delete Alert" and click on Selected. Shouldn't this actually delete the selected alert? What I end up getting is:

No alerts were selected or the DELETE was not successful

From the debug line:

==== ACTION ======
context = 2
==== DELETE Alerts ========
num_alert = 5
action_sql = FROM acid_event WHERE acid_event.sid > 0
action_op = Selected
action_arg = 1
action_param =
context = 2
limit_start = -1
limit_offset = -1
using_blobs = 1
Gathering elements from 1 alert blobs
0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
No alerts were selected or the DELETE was not successful
-------------------------------------
action_cnt = 0
dup_cnt = 0
num_alert = 5
==== DELETE Alerts END ========

And here's the Query State:

Query State
caller = 'most_frequent'
num_result_rows = '5'
sort_order = 'occur_d'
current_view = '0'
action_arg = '1'
action = 'del_alert'

SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp), max(timestamp) FROM acid_event WHERE acid_event.sid > 0 GROUP BY signature ORDER BY sig_cnt DESC

I know a bit about SQL, but what I'm confused about is that nowhere in the actual SQL line does it say to delete the actual alert. It only selects it. This is under the "5 Most Frequent" list. I've tried it under other modes, but none of the alerts seem to get deleted.

Any help appreciated

** All information contained in this email is strictly **
** confidential and may be used by the intended recipient **
** only. **