This is a discussion on [Snort-users] Archiving In Acid within the Snort forums, part of the System Security and Security Related category.
I have Acid running on a Win2k box with PHP installed. Everything works fine except archiving. I have worked out that after selecting an item to archive, Acid is then querying the archive database for the item and not finding it; therefore I get an error stating that "No alerts were selected or the ARCHIVE-move was not successful."

Has anyone seen anything like this before? I have specified the correct live and archive databases in the Acid_conf.php, and these are the only changes I have made to the PHP file apart from turning on the debugging and SQL trace log.

From the SQL trace log you can see that it is connecting to the archive database, running the query on that, and then attempting to insert the entry back into the archive DB.

--------------------------------------------------------------------------------
Connect [mysql] archive1@bne506:3306 as root
[Apr 05 2004 16:53:12] /acid/acid_stat_alerts.php - db version 106
--------------------------------------------------------------------------------
SELECT sig_id FROM signature WHERE sig_name='ICMP PING speedera'
INSERT INTO iphdr (sid,cid,
ip_src,
ip_dst,
ip_ver,ip_hlen,ip_tos,ip_len,ip_id,ip_flags,
ip_off,ip_ttl,ip_proto,ip_csum) VALUES (1, 115215, '1075599074', '3523898084','4','5','0','84','57154','0','0','46' ,'1','55673')

Damon Kalajzich
Security Administrator
Allens Arthur Robinson
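For anyone reading a trace like the one in the post, the following sketch (an added example, not part of the original message and not ACID code) attributes each SQL statement to the most recent Connect line and decodes the integer ip_src/ip_dst values of the iphdr INSERT into dotted-quad addresses. The trace text is copied from the post; the function names and regular expressions are illustrative assumptions about the log layout shown there.

```python
import ipaddress
import re

# Trace excerpt copied from the post (the INSERT is joined onto one line).
TRACE = """\
Connect [mysql] archive1@bne506:3306 as root
[Apr 05 2004 16:53:12] /acid/acid_stat_alerts.php - db version 106
SELECT sig_id FROM signature WHERE sig_name='ICMP PING speedera'
INSERT INTO iphdr (sid,cid, ip_src, ip_dst, ip_ver,ip_hlen,ip_tos,ip_len,ip_id,ip_flags, ip_off,ip_ttl,ip_proto,ip_csum) VALUES (1, 115215, '1075599074', '3523898084','4','5','0','84','57154','0','0','46' ,'1','55673')
"""

# "Connect [driver] dbname@host:port as user"
CONNECT_RE = re.compile(r"^Connect \[(\w+)\] (\S+)@(\S+?):(\d+) as (\S+)")
# Statement verb and the first table named after FROM/INTO.
STMT_RE = re.compile(r"^(SELECT|INSERT|DELETE)\b.*?\b(?:FROM|INTO)\s+(\w+)", re.I)


def statements_by_db(trace):
    """Return (db@host, verb, table) for each statement in the trace."""
    current, out = None, []
    for line in trace.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            current = f"{m.group(2)}@{m.group(3)}"
            continue
        m = STMT_RE.match(line)
        if m:
            out.append((current, m.group(1).upper(), m.group(2)))
    return out


def decode_iphdr(trace):
    """Map the iphdr INSERT's columns to values, with IPs as dotted quads."""
    m = re.search(r"INSERT INTO iphdr \((.*?)\) VALUES \((.*?)\)", trace, re.S)
    cols = [c.strip() for c in m.group(1).split(",")]
    vals = [v.strip().strip("'") for v in m.group(2).split(",")]
    row = dict(zip(cols, vals))
    # The Snort database schema stores addresses as unsigned 32-bit integers.
    for key in ("ip_src", "ip_dst"):
        row[key] = str(ipaddress.IPv4Address(int(row[key])))
    return row


if __name__ == "__main__":
    for db, verb, table in statements_by_db(TRACE):
        print(f"{db:18} {verb:6} {table}")
    row = decode_iphdr(TRACE)
    print(row["ip_src"], "->", row["ip_dst"], "proto", row["ip_proto"])
```

Run over this excerpt, both the SELECT and the INSERT are attributed to archive1@bne506, and no statement in the excerpt is attributed to any other connection.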