This is a discussion on RE: [Snort-users] ACID and delete alerts within the Snort forums, part of the System Security and Security Related category.

Change acid_conf.php and try using root access to MySQL with the appropriate
password to see if that works.

Kindest regards,
The WINSNORT.com Management Team
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net
> [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of cc
> Sent: Monday, February 16, 2004 11:00 PM
> To: snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] ACID and delete alerts
>
> Michael Steele sighed and wrote:
>
> > Check your configure in 'acid_conf.php' and make sure it's correct and make
> > sure ACID has enough permissions to delete from the database.
>
> My acid user = Aciduser, and the following doesn't produce any
> discernable error:
>
> mysql> grant create, insert,select,delete,update on snort.* to aciduser identified by '<inpass>'
>
> mysql> grant create, insert,select,delete,update on snort.* to aciduser@localhost identified by '<inpass>'
>
> And while looking at the Acid logs, I don't see any attempts at
> running the Delete command. All logged commands were select
> commands.
>
> As shown here:
>
> --------------------------------------------------------------------------------
> Connect [mysql] snort@localhost:3306 as snort
> [Feb 17 2004 15:00:37] /acid/acid_stat_alerts.php - db version 106
> --------------------------------------------------------------------------------
>
> SELECT sid FROM sensor
> SELECT MAX(cid) FROM event WHERE sid='1'
> SELECT MAX(cid) FROM acid_event WHERE sid='1'
> SELECT MAX(cid) FROM event WHERE sid='2'
> SELECT MAX(cid) FROM acid_event WHERE sid='2'
> SELECT MAX(cid) FROM event WHERE sid='3'
> SELECT MAX(cid) FROM acid_event WHERE sid='3'
> SELECT MAX(cid) FROM event WHERE sid='4'
> SELECT MAX(cid) FROM acid_event WHERE sid='4'
> SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
> SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
> SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
> SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
> SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
> SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
> SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
> SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
> SELECT count(acid_event.sid) FROM acid_event WHERE signature='-1'
> SELECT acid_event.sid, acid_event.cid FROM acid_event WHERE signature='-1'
> SELECT count(*) FROM acid_event
> SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp), max(timestamp) FROM acid_event GROUP BY signature ORDER BY sig_cnt DESC
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='17'
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='17' ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='17' ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='17'
> SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='17'
> SELECT sig_sid FROM signature WHERE sig_id='17'
> SELECT sig_class_id FROM signature WHERE sig_id = '17'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='45'
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='45' ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='45' ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='45'
> SELECT sig_class_id FROM signature WHERE sig_id = '45'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='18'
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='18' ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='18' ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='18'
> SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='18'
> SELECT ref_system_id, ref_tag FROM reference WHERE ref_id='8'
> SELECT ref_system_name FROM reference_system WHERE ref_system_id='1'
> SELECT sig_sid FROM signature WHERE sig_id='18'
> SELECT sig_class_id FROM signature WHERE sig_id = '18'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '5'
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='202'
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='202' ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='202' ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='202'
> SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='202'
> SELECT sig_sid FROM signature WHERE sig_id='202'
> SELECT sig_class_id FROM signature WHERE sig_id = '202'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
> SELECT COUNT(DISTINCT acid_event.sid), COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst) FROM acid_event WHERE signature='40'
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='40' ORDER BY timestamp DESC
> SELECT timestamp, acid_event.sid, acid_event.cid FROM acid_event WHERE signature='40' ORDER BY timestamp ASC
> SELECT sig_name FROM signature WHERE sig_id='40'
> SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='40'
> SELECT sig_sid FROM signature WHERE sig_id='40'
> SELECT sig_class_id FROM signature WHERE sig_id = '40'
> SELECT sig_class_name FROM sig_class WHERE sig_class_id = '0'
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users
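
An added example, not part of the original thread or of ACID: a short Python check over an ACID SQL trace like the one quoted above, reporting which account the console connected with and which statement types reached MySQL. It assumes the name after `as` on the `Connect` line is the connecting MySQL account; `summarize_trace` and `granted_user` are names made up for this sketch, and the sample is a shortened copy of the quoted trace.

```python
import re
from collections import Counter

# Shortened copy of the trace quoted in the thread (wrapped lines rejoined).
SAMPLE_TRACE = """\
Connect [mysql] snort@localhost:3306 as snort
[Feb 17 2004 15:00:37] /acid/acid_stat_alerts.php - db version 106
SELECT sid FROM sensor
SELECT MAX(cid) FROM event WHERE sid='1'
SELECT count(*) FROM acid_event
SELECT DISTINCT signature, count(signature) as sig_cnt, min(timestamp),
max(timestamp) FROM acid_event GROUP BY signature ORDER BY sig_cnt DESC
"""

# Assumption: the token after "as" is the MySQL account used for the session.
CONNECT_RE = re.compile(r"^Connect \[(\w+)\] (\S+)@(\S+?):(\d+) as (\S+)$")
SQL_VERBS = {"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "DROP", "ALTER"}


def summarize_trace(text, granted_user):
    """Return the accounts seen, statement-verb counts, and findings."""
    users, verbs, findings = set(), Counter(), []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # tolerate e-mail quote markers
        match = CONNECT_RE.match(line)
        if match:
            users.add(match.group(5))
            continue
        first = line.split(" ", 1)[0].upper() if line else ""
        if first in SQL_VERBS:               # continuation lines are skipped
            verbs[first] += 1
    for user in sorted(users):
        if user.lower() != granted_user.lower():
            findings.append(
                f"session runs as '{user}', grants were issued to '{granted_user}'")
    if verbs and not verbs["DELETE"]:
        findings.append("no DELETE statement reached the database")
    return {"users": sorted(users), "verbs": dict(verbs), "findings": findings}


if __name__ == "__main__":
    report = summarize_trace(SAMPLE_TRACE, granted_user="aciduser")
    print(report["users"], report["verbs"])
    for finding in report["findings"]:
        print("-", finding)
```

Comparing the connecting account with the one named in the `grant` statements shows whether the privileges being tested belong to the session ACID actually opens.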