Snort mailing list archives
Re: ACID and delete alerts
From: cc <cc () belfordhk com>
Date: Tue, 17 Feb 2004 15:00:25 +0800
Michael Steele sighed and wrote:
Check your configure in 'acid_conf.php' and make sure it's correct and make sure ACID has enough permissions to delete from the database.
My acid user = Aciduser, and the following doesn't produce any discernible error:

mysql> grant create, insert,select,delete,update on snort.* to aciduser identified by '<inpass>'
mysql> grant create, insert,select,delete,update on snort.* to aciduser@localhost identified by '<inpass>'

And while looking at the Acid logs, I don't see any attempts at running the Delete command. All logged commands were select commands. As shown here:

--------------------------------------------------------------------------------
Connect [mysql] snort@localhost:3306 as snort
[Feb 17 2004 15:00:37] /acid/acid_stat_alerts.php - db version 106
--------------------------------------------------------------------------------
SELECT sid FROM sensor
SELECT MAX(cid) FROM event WHERE sid='1'
SELECT MAX(cid) FROM acid_event WHERE sid='1'
SELECT MAX(cid) FROM event WHERE sid='2'
SELECT MAX(cid) FROM acid_event WHERE sid='2'
SELECT MAX(cid) FROM event WHERE sid='3'
SELECT MAX(cid) FROM acid_event WHERE sid='3'
SELECT MAX(cid) FROM event WHERE sid='4'
SELECT MAX(cid) FROM acid_event WHERE sid='4'
SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
SELECT count(*) FROM acid_event
SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp), max(timestamp) FROM acid_event GROUP BY signature ORDER BY sig_cnt DESC
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='17'
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='17' ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='17' ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='17'
SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='17'
SELECT sig_sid FROM signature WHERE sig_id='17'
SELECT sig_class_id FROM signature WHERE sig_id = '17'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='45'
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='45' ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='45' ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='45'
SELECT sig_class_id FROM signature WHERE sig_id = '45'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='18'
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='18' ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='18' ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='18'
SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='18'
SELECT ref_system_id, ref_tag FROM reference WHERE ref_id='8'
SELECT ref_system_name FROM reference_system WHERE ref_system_id='1'
SELECT sig_sid FROM signature WHERE sig_id='18'
SELECT sig_class_id FROM signature WHERE sig_id = '18'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '5'
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='202'
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='202' ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='202' ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='202'
SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='202'
SELECT sig_sid FROM signature WHERE sig_id='202'
SELECT sig_class_id FROM signature WHERE sig_id = '202'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='40'
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='40' ORDER BY timestamp DESC
SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='40' ORDER BY timestamp ASC
SELECT sig_name FROM signature WHERE sig_id='40'
SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='40'
SELECT sig_sid FROM signature WHERE sig_id='40'
SELECT sig_class_id FROM signature WHERE sig_id = '40'
SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'