Snort mailing list archives

ACID and delete alerts


From: cc <cc () belfordhk com>
Date: Mon, 16 Feb 2004 18:46:10 +0800

Hi,

I'm using Snort 2.1.1RC2, ACID 0.9.6b23, MySQL 4.x.

The Acid database is getting big, and I was trying to delete
these acid alerts, but ACID keeps on saying "No alerts
were selected or the DELETE was not successful."

I go to the "Display 5 Most Frequent Alerts" and then select
the first one (which happens to be a custom rule "Blocked Ad")
and select "Delete Alerts" in the combo box.  Then I click on
Selected.

Here's a debug of the Delete Alerts part:

==== ACTION ======
context = 2


==== DELETE Alerts ========
num_alert = 5
action_sql = FROM acid_event WHERE acid_event.sid > 0
action_op = Selected
action_arg =
action_param =
context = 2
limit_start = -1
limit_offset = -1
using_blobs = 1

Gathering elements from 1 alert blobs
0 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
1 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
2 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
3 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
4 = [using SQL 5 for blob ]: SELECT acid_event.sid, acid_event.cid FROM
acid_event WHERE acid_event.sid > 0 AND signature='-1'
No alerts were selected or the DELETE was not successful

-------------------------------------

I've been having trouble doing this since I first installed ACID; it's
just that I haven't had the time to figure it out.  Now with a little
bit of time, I can spend some time analyzing some of these alerts.

Btw, I'm using Mozilla 1.6, if it makes any difference.


Any help appreciated.

Edmund

