RE: ACID: Outer Join Not Supported

[Kevin Brown <Kevin.M.Brown () asu edu>]

Joy.  Guess that means I will need to compile the new version of Postgres on
both the server and the snort machines and then rebuild snort.  Guess it's
time to do some digging and make sure that I won't break anything by doing
this.

-----Original Message-----
From: rdanyliw () voicenet com [mailto:rdanyliw () voicenet com]
Sent: Wednesday, May 23, 2001 04:50
To: Kevin Brown
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] ACID: Outer Join Not Supported


Kevin,

You are exactly correct.  PostgreSQL < 7.1 doesn't support quite
a few SQL operations.  One of which is the lack of support for
OUTER JOINS.  This functionality (among others) is quite 
crucial, hence the requirement for PostgreSQL v7.1+

[snip from ACID README]
 - MySQL 3.23+ or PostgreSQL 7.1+ as the database used by Snort to store the

   alert information.
[end snip]

In reference to incorrect alerts being displayed from the "graph
alert detection time" page, I believe this issue has been fixed.
Please let me know otherwise (and send the calling page and
the incorrect result page with $debug_mode=1 based on the
CVS code)

Thanks, 
Roman

> This error shows up on the main page (acid_main.php) when I try to access
> the Postgres (7.0.3) snort database with the latest version of Acid that I
> checked out of CVS (0.9.6b10).  I was trying the new version because the
> previous version I had (0.9.6b8) was flaking on me.  With 0.9.6b8 I would
> graph the alerts by number per hour and it would come back with the
display,
> but when I would click on a specific hour (e.g. 10:00-10:59) to see the
> actual alerts it would come back saying that it found 0 alerts even if the
> graph said 800 alerts for that hour.
>
> The problem is, v0.9.6b10 seems to be using something that Postgres 7.0.3
> doesn't know how to do, so instead of seeing the graphs for Traffic by
> protocol I see the table and at the bottom I see:
>
> Database ERROR:ERROR: OUTER JOIN is not yet supported
>
>
>
> Begin Geek Code;
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c
> ^=(
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72,@z=(64,72,$a^=12*($_%
> 16
-2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$
> h
=5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
>
d=unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d>>12^$d>>4^
> $d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*8^$q<<6))<<9,$_=$t[$_]^
> (($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}print+x"C*",@a}';s/x/pack+/g;eval
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users