Snort mailing list archives

Re: acid-0.9.6b18 - problems with postgresql

From: roman () danyliw com
Date: Fri, 16 Nov 2001 16:55:46 US/Eastern

Hugh,

The patch you sent will not return a count of unique links.  Rather, this 
SQL will return the number of unique source IPs, dest. IPs, and IP proto.

A fix for this issue (and for MS SQL) has been committed to CVS.

cheers,
Roman

On Fri, 16 Nov 2001, Hugh Fraser wrote:

Vladimir Strezhnev wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(Snort 1.8.2, postgresql 7.1.3, acid-0.9.6b18)

Acid-0.9.6b18 and the latest acid CVS produce the following error loading the 
acid_main.php screen when configured with postgresql support 

Database ERROR:Database ERROR:ERROR: Aggregate functions may only have one 
parameter

All previous recent versions (tested b13, b14, b17)  work fine with the same 
configuration.

- -- 
VLADIMIR STREZHNEV
System Engineer
IndiVisual Learning, LLC
St. Paul, MN 
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBO/VcUr5tPDt+Qc/uEQJvRQCcDgcaKEyya4LZPqGqg3e5fcgF5coAoKdO
y7z8aVUlpiED1VoTnBBQwDCN
=D3Wf
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

There's at least one change that needs to go into ACID.

diff ./acid_stat_common.php /var/www/html/acid/acid_stat_common.php
308c308
<      $result = $db->acidExecute("SELECT COUNT(DISTINCT 
acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto) FROM 
acid_event");
---
 >      $result = $db->acidExecute("SELECT COUNT(DISTINCT 
acid_event.ip_src), COUNT(DISTINCT acid_event.ip_dst), COUNT(DISTINCT 
acid_event.ip_proto) FROM acid_event");
310c310
<      $result = $db->acidExecute("SELECT COUNT(DISTINCT 
acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto) FROM 
acid_event $join $where");
---
 >      $result = $db->acidExecute("SELECT COUNT(DISTINCT 
acid_event.ip_src), COUNT(DISTINCT acid_event.ip_dst), COUNT(DISTINCT 
acid_event.ip_proto) FROM acid_event $join $where");

I expect this aggregating that Postgres doesn't like happens in other 
modules as well.




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

acid-0.9.6b18 - problems with postgresql Vladimir Strezhnev (Nov 16)
- Re: acid-0.9.6b18 - problems with postgresql Hugh Fraser (Nov 16)
- <Possible follow-ups>
- Re: acid-0.9.6b18 - problems with postgresql roman (Nov 16)