Snort mailing list archives
RE: ACID and delete alerts
From: "Michael Steele" <michaels () winsnort com>
Date: Mon, 16 Feb 2004 07:55:39 -0800
Check your configuration in 'acid_conf.php' and make sure it's correct, and make sure ACID has enough permissions to delete from the database.

Kindest regards,
The WINSNORT.com Management Team
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of cc
Sent: Monday, February 16, 2004 2:46 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ACID and delete alerts

Hi,

I'm using Snort 2.1.1RC2, ACID 0.9.6b23, MySQL 4.x.

The Acid database is getting big, and I was trying to delete these acid alerts, but ACID keeps on saying "No alerts were selected or the DELETE was not successful."

I go to the "Display 5 Most Frequent Alerts" and then select the first one (which happens to be a custom rule "Blocked Ad") and selected "Delete Alerts" in the combo box. Then I click on Selected.

Here's a debug of the Delete Alerts part:

==== ACTION ======
context = 2
==== DELETE Alerts ========
num_alert = 5
action_sql = FROM acid_event WHERE acid_event.sid > 0
action_op = Selected
action_arg =
action_param =
context = 2
limit_start = -1
limit_offset = -1
using_blobs = 1
Gathering elements from 1 alert blobs
0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE acid_event.sid > 0 AND signature='-1'
No alerts were selected or the DELETE was not successful
-------------------------------------

I've been having troubles doing this since I first installed ACID, it's just that I haven't had the time to figure it out. Now with a little bit of time, I can spend some time analyzing some of these alerts.

Btw, I'm using Mozilla 1.6, if it makes any difference.

Any help appreciated.

Edmund

-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
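Added example, not part of the original thread or of ACID: one way to carry out the permissions check suggested in the reply is to parse the output of MySQL's SHOW GRANTS for the account ACID connects with and report which privileges it lacks on acid_event. The account name 'acid', the database name 'snort', the required privilege set (SELECT, DELETE) and the sample grant lines are assumptions constructed for illustration.

```python
import re

# One line of MySQL SHOW GRANTS output:
#   GRANT <privs> ON <db>.<table> TO '<user>'@'<host>' ...
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<db>`[^`]+`|\*|\w+)\."
    r"(?P<tbl>`[^`]+`|\*|\w+)\s+TO\s",
    re.IGNORECASE,
)

def parse_grants(lines):
    """Return [(privilege_set, db, table)] for each GRANT line."""
    grants = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # Column-scoped entries such as "SELECT (sid, cid)" do not cover the
        # whole table, so drop them instead of counting them.
        privs = re.sub(r"\w+\s*\([^)]*\)", "", m.group("privs"))
        privset = {p.strip().upper() for p in privs.split(",") if p.strip()}
        grants.append((privset, m.group("db").strip("`"), m.group("tbl").strip("`")))
    return grants

def missing_privileges(grants, needed, db, table):
    """Return the privileges in `needed` that no grant gives on db.table."""
    held = set()
    for privset, g_db, g_tbl in grants:
        # "*" is the global / whole-database scope; names are compared exactly
        # (database-name wildcard patterns are not expanded here).
        if g_db in ("*", db) and g_tbl in ("*", table):
            held |= privset
    if held & {"ALL", "ALL PRIVILEGES"}:
        return []
    return sorted(set(needed) - held)

# Constructed sample output; account and database names are assumptions.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'acid'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE ON `snort`.* TO 'acid'@'localhost'",
]

if __name__ == "__main__":
    gaps = missing_privileges(parse_grants(SAMPLE_GRANTS),
                              ("SELECT", "DELETE"), "snort", "acid_event")
    print("missing on snort.acid_event:", gaps or "none")
```

Granting only the missing privilege on the ACID tables, rather than ALL PRIVILEGES on the server, keeps the web front end's database account at least privilege.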
Current thread:
- ACID and delete alerts cc (Feb 16)
- RE: ACID and delete alerts Michael Steele (Feb 16)
- Re: ACID and delete alerts cc (Feb 16)
- RE: ACID and delete alerts Michael Steele (Feb 17)
- Re: ACID and delete alerts cc (Feb 16)
- <Possible follow-ups>
- Re: ACID and delete alerts cc (Feb 17)
- RE: ACID and delete alerts Michael Steele (Feb 16)