Snort mailing list archives

RE: (no subject)


From: Marc-Andre Hamelin <mhamelin () matrox com>
Date: Wed, 28 Nov 2001 17:39:18 -0500

Hi Roman,

I had the same problem.
It occurred when I was doing a query with "Src or Dest" in the IP criteria. I'm
using schema 104. The problem started only when I upgraded to acid-0.9.6b18.

After looking at the source code in acid_qry_common.php, I corrected the
problem by deleting "acid_event." in 2 lines (see below).
Since "acid_event." is already in $sql, it was appearing twice in the
request.


...
  $sql = "SELECT acid_event.sid, acid_event.cid, signature, timestamp, ".
         "acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto FROM acid_event";
...


...
        /* if have chosen the address type to be both source and destination */
        if ( ereg("ip_both", $tmp) )
        {
####### BEFORE #######
#          $tmp_src = ereg_replace("ip_both","acid_event.ip_src",$tmp);
#          $tmp_dst = ereg_replace("ip_both","acid_event.ip_dst",$tmp);
####### AFTER #######
           $tmp_src = ereg_replace("ip_both","ip_src",$tmp);
           $tmp_dst = ereg_replace("ip_both","ip_dst",$tmp);
#######
           if ( $ip_addr[$i][2] == '=' )
             $tmp = "(".$tmp_src.') OR ('.$tmp_dst.')';
           else
             $tmp = "(".$tmp_src.') AND ('.$tmp_dst.')';
        }
...



Hope this helps.

Marc
 


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Roman
Danyliw
Sent: 26 November, 2001 14:11
To: Radomski, Mike
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] (no subject)


- What version of the DB schema are you running?
- Did you successfully apply the ACID modifications to the schema?  Did
you use the acid_db_setup.php page or run the create_acid_tbls_mysql.sql
scripts?
- What exact operation were you trying to perform when this error occurred?

Roman

On 26 November 2001 11:22, Radomski, Mike wrote:
      ACID version number: acid-0.9.6b18
      Web browser (and version) any
      Web server (and version) apache-1.3.20-16
      PHP version php-4.0.6-7
      Database server (and version) mysql-3.23.41-1
      Anytime I run a search I get the following results.

Initial/Canned Query or Sort Clicked
Database ERROR:Database ERROR:Unknown table 'acid_event.acid_event' in
where clause
SELECT COUNT(acid_event.cid) FROM acid_event WHERE acid_event.sid > 0
AND (
(( acid_event.acid_event.ip_src=2296320043 ) OR (
acid_event.acid_event.ip_dst=2296320043 )) )
SELECT COUNT(acid_event.cid) FROM acid_event  WHERE  acid_event.sid > 0
AND
(  (( acid_event.acid_event.ip_src=2296320043 ) OR (
acid_event.acid_event.ip_dst=2296320043 ))   )

Thanks

Mike Radomski

SUNY - ITEC
Information Technology Exchange Center
Systems Programmer/Analyst
E-mail: Mike.Radomski () itec mail suny edu
Systems E-Mail: scsys () itec mail suny edu



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
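
The doubled qualifier discussed in this thread can be reproduced in isolation. The following is an added example, not part of the original messages and not ACID source code: the function names are hypothetical, str_replace/preg_replace stand in for ereg_replace (removed in PHP 7), and the criterion is assumed to reach the substitution already prefixed with "acid_event.", as the doubled name in the quoted error suggests. The last function goes one step beyond the posted fix by producing exactly one qualifier whether or not the input already carries one.

```php
<?php
// Added illustration, not ACID code. Function names are hypothetical.

// Mirrors the ip_both expansion from the excerpt. $qualify selects the
// BEFORE behaviour (true: replacement carries "acid_event.") or the
// AFTER behaviour (false: bare column name).
function expand_ip_both(string $criterion, string $op, bool $qualify): string
{
    if (strpos($criterion, 'ip_both') === false) {
        return $criterion;               // nothing to expand
    }
    $prefix = $qualify ? 'acid_event.' : '';
    $src = str_replace('ip_both', $prefix . 'ip_src', $criterion);
    $dst = str_replace('ip_both', $prefix . 'ip_dst', $criterion);
    $join = ($op === '=') ? ' OR ' : ' AND ';
    return '(' . $src . ')' . $join . '(' . $dst . ')';
}

// Prefix-tolerant variant: the pattern consumes an existing "acid_event."
// if present, so the output is qualified exactly once either way.
function expand_ip_both_once(string $criterion, string $op): string
{
    $pattern = '/(?:acid_event\.)?ip_both/';
    $src = preg_replace($pattern, 'acid_event.ip_src', $criterion);
    $dst = preg_replace($pattern, 'acid_event.ip_dst', $criterion);
    $join = ($op === '=') ? ' OR ' : ' AND ';
    return '(' . $src . ')' . $join . '(' . $dst . ')';
}

// Constructed input: assumed shape of the criterion, using the address
// value that appears in the quoted error output.
$already_qualified = 'acid_event.ip_both=2296320043';
$bare              = 'ip_both=2296320043';

echo "BEFORE: ", expand_ip_both($already_qualified, '=', true), PHP_EOL;
echo "AFTER:  ", expand_ip_both($already_qualified, '=', false), PHP_EOL;
echo "ONCE:   ", expand_ip_both_once($already_qualified, '='), PHP_EOL;
echo "ONCE:   ", expand_ip_both_once($bare, '='), PHP_EOL;
```

The BEFORE line shows the "acid_event.acid_event." name that the database rejects; the AFTER line and both ONCE lines print the same singly qualified clause.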


