Snort mailing list archives

Re: Email using mysql


From: roman () danyliw com
Date: Mon, 7 May 2001 13:56:03 US/Eastern

Mike,
 
It looks like you are using a really old version of the code (0.9.5).
Significant internal changes have been made to ACID since that
release.  Go to http://acidlab.sourceforge.net and download
the latest tarball (0.9.6b8).
 
Note: this morning I fixed a bug in the alert e-mail code that caused
signature names to come up incorrectly.
Depending on your configuration (whether you are running
DB schema version > 100), this may affect you.  If so,
check out a copy from CVS.

cheers,
Roman



Hello, I'm having a problem with ACID sending an email of selected alerts.
The order of events I do to generate the error are as follows.

1.  Launch web browser (IE 5.01) and pull up the acid_main.php page (hosted
on Apache server version 1.3.19-5).
2.  Pull up a set of alerts I'm interested in.  At the bottom of the page, I
use the drop down box to select "Email Alerts(s)" and in the corresponding
field, I type the email address I want to send it to.
3.  The webpage is refreshed, but with error messages.

Warning: 1 is not a valid MySQL-Link resource in
/home/httpd/html/acid/acid_pkt_sqlcalls.php on line 83
Warning: Supplied argument is not a valid MySQL result resource in
/home/httpd/html/acid/acid_pkt_sqlcalls.php on line 129
Warning: 1 is not a valid MySQL-Link resource in
/home/httpd/html/acid/acid_pkt_main.php on line 507

However, I do get an email message sitting in my inbox, but it has no query
data on it.  All it says is 

 
ACID v0.9.5 ( by Roman Danyliw <mailto:roman () danyliw com> as part of the
AirCERT <http://www.cert.org/kb/aircert/> project ) 

I set acid to debug mode=1 in the acid_conf.php page and it spit out a whole
bunch of stuff, the most interesting to me was the actual sql query it ran
against the snort database.  I'll include that here.

SQL: SELECT event.sid, event.cid, signature, timestamp, ip_src0, ip_src1,
ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM event
LEFT JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE
event.cid > 0 AND signature='BIND Shell' 

Just as a part of troubleshooting, I went ahead and used a mysql client to
enter that query in and it returned the expected data with no errors, so I
know the query is good.

I'm using MySQL version 3.23.36-1.  Not sure what the problem is, but maybe
someone can help me.



Mike Aylor
maylor () swbanktx com



CONFIDENTIALITY NOTICE:

************************************************************************

The information contained in this ELECTRONIC MAIL transmission
is confidential.  It may also be privileged work product or proprietary
information. This information is intended for the exclusive use of the
addressee(s).  If you are not the intended recipient, you are hereby
notified that any use, disclosure, dissemination, distribution [other
than to the addressee(s)], copying or taking of any action because
of this information is strictly prohibited.

************************************************************************
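The troubleshooting step Mike describes above (take the SQL that ACID printed in debug mode and run it by hand) can be reproduced offline. The following is an added example, not part of the original thread and not ACID's own code: it builds a small in-memory database in the layout that the query implies (an `event` table joined to an `iphdr` table whose addresses are stored as four octet columns), loads a few constructed alerts, runs the debug query, and assembles the rows into the kind of per-alert lines an alert e-mail would carry. The table definitions are an assumption inferred from the column names in the query, the sample alerts are constructed for this example, and the one deliberate change to the query is that the signature name is bound as a parameter instead of being spliced into the SQL as a quoted literal, which is how you should pass a user-chosen value such as a signature name to the database.

```python
"""Added example: reproduce ACID's debug-mode SQL offline with sqlite3.

Not part of the original thread or the ACID code base.  The event/iphdr
schema below is an assumption inferred from the columns the query names;
the sample alerts are constructed.
"""
import sqlite3

# The query as ACID printed it in debug mode, with the signature literal
# replaced by a bound parameter ("?") instead of a quoted string.
ACID_DEBUG_SQL = (
    "SELECT event.sid, event.cid, signature, timestamp, "
    "ip_src0, ip_src1, ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, "
    "ip_proto FROM event LEFT JOIN iphdr ON event.sid=iphdr.sid "
    "AND event.cid=iphdr.cid WHERE event.cid > 0 AND signature=?"
)

# Constructed sample alerts: (sid, cid, signature, timestamp, src, dst, proto)
SAMPLE_ALERTS = [
    (1, 1, "BIND Shell", "2001-05-07 09:12:31", "10.1.2.3", "192.168.7.9", 6),
    (1, 2, "BIND Shell", "2001-05-07 09:13:02", "10.1.2.3", "192.168.7.10", 6),
    (1, 3, "ICMP PING", "2001-05-07 09:14:00", "10.1.2.4", "192.168.7.1", 1),
]


def octets(dotted):
    """Split a dotted-quad address into the four integer octet columns."""
    return tuple(int(o) for o in dotted.split("."))


def build_db():
    """Create an in-memory DB in the assumed ACID/Snort layout and load the sample alerts."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE event (sid INTEGER, cid INTEGER, signature TEXT,
                            timestamp TEXT, PRIMARY KEY (sid, cid));
        CREATE TABLE iphdr (sid INTEGER, cid INTEGER,
                            ip_src0 INTEGER, ip_src1 INTEGER,
                            ip_src2 INTEGER, ip_src3 INTEGER,
                            ip_dst0 INTEGER, ip_dst1 INTEGER,
                            ip_dst2 INTEGER, ip_dst3 INTEGER,
                            ip_proto INTEGER, PRIMARY KEY (sid, cid));
    """)
    for sid, cid, sig, ts, src, dst, proto in SAMPLE_ALERTS:
        db.execute("INSERT INTO event VALUES (?,?,?,?)", (sid, cid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (?,?,?,?,?,?,?,?,?,?,?)",
                   (sid, cid, *octets(src), *octets(dst), proto))
    db.commit()
    return db


def alerts_for_signature(db, signature):
    """Run the debug query for one signature and reassemble the octet columns into addresses."""
    rows = db.execute(ACID_DEBUG_SQL, (signature,)).fetchall()
    result = []
    for sid, cid, sig, ts, *rest in rows:
        # rest = ip_src0..3, ip_dst0..3, ip_proto (a LEFT JOIN may leave these NULL)
        src = ".".join(str(o) for o in rest[0:4]) if rest[0] is not None else "?"
        dst = ".".join(str(o) for o in rest[4:8]) if rest[4] is not None else "?"
        result.append({"sid": sid, "cid": cid, "signature": sig, "timestamp": ts,
                       "src": src, "dst": dst, "proto": rest[8]})
    # The query has no ORDER BY; sort here so the e-mail body is deterministic.
    result.sort(key=lambda a: (a["sid"], a["cid"]))
    return result


def format_email_body(alerts):
    """One line per alert, the data the empty e-mail in the report was missing."""
    return "\n".join(
        f"{a['timestamp']}  {a['signature']}  {a['src']} -> {a['dst']}  proto {a['proto']}"
        for a in alerts
    )


if __name__ == "__main__":
    database = build_db()
    print(format_email_body(alerts_for_signature(database, "BIND Shell")))
```

If the query returns rows here but the web front end still emits warnings about an invalid link or result resource, the problem is in how the front end holds and passes its database handle, not in the SQL itself, which is the same conclusion Mike reached by running the query in the mysql client.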


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/





