[Snort-users] ACID v0.9.5b6 - news
roman at ...438...
Wed Nov 1 09:05:43 EST 2000
I suspect that Bill is absolutely correct and your deletion problem is
associated with not having the DELETE permissions.
This can be confirmed by manually inserting a row into the database, then
trying to delete it.
1. login to MySQL with the same credentials (i.e. username, password) as
you use in ACID.
e.g. % mysql <database> -u <user> -p
2. insert a test row into the event table
mysql> INSERT INTO event (sid, cid, signature, timestamp) VALUES (1,
10000000, "test", "0");
(this assumes that you don't already have a row with an event
ID=1000000. If you do just choose another event id #)
3. now delete this newly inserted row
mysql> DELETE FROM event WHERE sid=1 AND cid=10000000;
If you where not able to delete, this confirms that this is a permission
problem. Re-login to mysql as root, and issue a GRANT command (giving the
DELETE permission) to the ACID DB user.
e.g. GRANT DELETE on snort.* to acid at ...274...
(this assumes that my alert database is 'snort', username is 'acid', and
logging from the 'localhost')
However, if you were able to successfully delete there are some other
issues we need to resolve and send me an email.
> To: "Frank Reid" <fcreid at ...691...>
> From: "Bill Marquette" <wlmarque at ...8...>
> Subject: RE: [Snort-users] ACID v0.9.5b6 - news
> Date: Wed, 1 Nov 2000 07:26:53 -0600
> Frank, this is almost certainly a permission error. I had originally
> setup ACID
> to have read only access to my snort db and slowly added privs until all
> features worked. FYI, beta7 is up on Roman's page as of yesterday, you
> try that...I know it works here.
On Tue, 31 Oct 2000, Frank Reid wrote:
> Are the problems with alert deletion a rights issue to the database or
> something deeper in your code? I saw someone mention they are using the
> alert deletion feature successfully. I'd tried (FreeBSD, MySQL and ACID
> v0.9.5b6) and received the "Error deleting alert ..." message. Don't
> to play with the recommended rights on the database itself, unless
> the root of the problem. Thanks in advance.
More information about the Snort-users